Wed, Jun 03, 2015 - Page 7 News List

IRS commissioner faces security questions


US government watchdogs warned the Internal Revenue Service (IRS) about security flaws in the federal tax collection agency’s computer systems years before hackers stole the personal information of thousands of taxpayers from an IRS Web site.

IRS Commissioner John Koskinen was heading to Capitol Hill to answer questions about why the tax agency did not address those weaknesses.

“Computer security has been problematic for the IRS since 1997,” the agency’s inspector general said in a memo to US Treasury Secretary Jacob Lew in October last year.

In the memo, IRS Inspector General J. Russell George said securing taxpayer and employee data was the IRS’ top management challenge.

More recently, the Government Accountability Office issued a report in March that identified dozens of weaknesses in the IRS’ computer security. Until those weaknesses are fixed, “financial and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification or disclosure,” the office said.

Criminals stole the personal information of 104,000 taxpayers from an IRS Web site from February to the middle of last month, the agency disclosed last week. The information was stolen as part of an elaborate scheme to claim fraudulent tax refunds, Koskinen told reporters.

IRS investigators believe the thieves were based in Russia, two officials who were briefed on the matter said on condition of anonymity.

Koskinen and George were scheduled to testify before the US Senate Finance Committee yesterday morning. Koskinen was also due to appear before the Senate Homeland Security Committee yesterday afternoon.

“Last week’s devastating announcement that the private information of over 100,000 taxpayers had been compromised sent shock waves through the halls of Congress,” said Senator Orrin Hatch, chairman of the Finance Committee. “Given that the IRS’ own internal watchdog has repeatedly warned that their security system was not up to par, we need to find out exactly what happened, who is behind it and how we can move forward to ensure it never happens again.”

The IRS blames budget cuts for hampering the agency’s ability to upgrade its computer systems. In a statement, the IRS said funding for cybersecurity has fallen from US$187 million in 2011 to US$149 million this year, a drop of more than 20 percent.

Koskinen has said the IRS is still using some computer applications that date to the administration of former US president John F. Kennedy. In February, he warned Congress that budget cuts were preventing the IRS from improving safeguards against identity theft.

“The cuts we are making include delays to critical information technology investments of more than US$200 million this year,” Koskinen told the Finance Committee at a hearing. “This means, among other things, that aging IT systems will not be replaced and new taxpayer protections against identity theft will be delayed.”

The thieves took the taxpayer information from an IRS Web site called “Get Transcript,” where taxpayers can get tax returns and other tax filings from previous years.

The breach does not appear to be a traditional hack. The thieves already had detailed knowledge about each taxpayer, including their social security number, date of birth, tax filing status and street address.

This year, the thieves claimed about 15,000 refunds using information they stole from the Web site. Koskinen said the refunds totaled as much as US$50 million.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top