US government watchdogs warned the Internal Revenue Service (IRS) about security flaws in the federal tax collection agency’s computer systems years before hackers stole the personal information of thousands of taxpayers from an IRS Web site.
IRS Commissioner John Koskinen was heading to Capitol Hill to answer questions about why the tax agency did not address those weaknesses.
“Computer security has been problematic for the IRS since 1997,” the agency’s inspector general said in a memo to US Treasury Secretary Jacob Lew in October last year.
In the memo, IRS Inspector General J. Russell George said securing taxpayer and employee data was the IRS’ top management challenge.
More recently, the Government Accountability Office issued a report in March that identified dozens of weaknesses in the IRS’ computer security. Until those weaknesses are fixed, “financial and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification or disclosure,” the office said.
Criminals stole the personal information of 104,000 taxpayers from an IRS Web site from February to the middle of last month, the agency disclosed last week. The information was stolen as part of an elaborate scheme to claim fraudulent tax refunds, Koskinen told reporters.
IRS investigators believe the thieves were based in Russia, two officials who were briefed on the matter said on condition of anonymity.
Koskinen and George were scheduled to testify before the US Senate Finance Committee yesterday morning. Koskinen was also due to appear before the Senate Homeland Security Committee yesterday afternoon.
“Last week’s devastating announcement that the private information of over 100,000 taxpayers had been compromised sent shock waves through the halls of Congress,” said Senator Orrin Hatch, chairman of the Finance Committee. “Given that the IRS’ own internal watchdog has repeatedly warned that their security system was not up to par, we need to find out exactly what happened, who is behind it and how we can move forward to ensure it never happens again.”
The IRS blames budget cuts for hampering the agency’s ability to upgrade its computer systems. In a statement, the IRS said funding for cybersecurity has fallen from US$187 million in 2011 to US$149 million this year, a drop of more than 20 percent.
Koskinen has said the IRS is still using some computer applications that date to the administration of former US president John F. Kennedy. In February, he warned Congress that budget cuts were preventing the IRS from improving safeguards against identity theft.
“The cuts we are making include delays to critical information technology investments of more than US$200 million this year,” Koskinen told the Finance Committee at a hearing. “This means, among other things, that aging IT systems will not be replaced and new taxpayer protections against identity theft will be delayed.”
The thieves took the taxpayer information from an IRS Web site called “Get Transcript,” where taxpayers can get tax returns and other tax filings from previous years.
The breach does not appear to be a traditional hack. The thieves already had detailed knowledge about each taxpayer, including their social security number, date of birth, tax filing status and street address.
This year, the thieves claimed about 15,000 refunds using information they stole from the Web site. Koskinen said the refunds totaled as much as US$50 million.
Since her personal telephone number was posted online, Hong Kong democracy advocate and Hong Kong Confederation of Trade Unions chairperson Carol Ng has received menacing calls from strangers and been bombarded with messages calling her a “cockroach.” She is not alone. A sophisticated and shady Web site called HK Leaks has ramped up its “doxxing” — where people’s personal details are published online — of Hong Kong democracy advocates, targeting those it says have broken Hong Kong’s National Security Law. Promoted by groups linked to the Chinese Chinese Communist Party and hosted on Russia-based servers, HK Leaks has become the most prominent “doxxing”
‘CONFESSED’: A court in Beijing said that former CCP member Ren Zhiqiang abused his power at a state firm and embezzled almost US$7.14 million of public funds A Chinese tycoon who called Chinese President Xi Jinping (習近平) a clown and criticized his handling of the COVID-19 pandemic was yesterday jailed for 18 years for corruption, bribery and embezzlement of public funds. Ren Zhiqiang (任志強) — once among the Chinese Communist Party’s (CCP) inner circle — disappeared from the public eye in March, shortly after penning an essay that lambasted Xi’s pandemic response. His outspokenness had earned the former chairman of state-owned property developer Huayuan Group the nickname “Big Cannon.” Yesterday’s verdict said that Ren embezzled almost 50 million yuan (US$7.4 million) of public funds and accepted bribes worth 1.25 million
A Malaysian student whose cellphone was stolen while he was sleeping has tracked down the culprit: a monkey who took photo and video selfies with the device before abandoning it. Zackrydz Rodzi, 20, on Wednesday said that his mobile phone was missing from his bedroom when he woke up on Saturday. He found the phone’s casing under his bed, but there was no sign of robbery in his house in Johor state. JUNGLE When his father saw a monkey the next day, he searched in the jungle behind his house. Using his brother’s cellphone to call his own device, he found it covered
AUSTRALIAN SITE: China has had a contract with SSC’s Yatharagga station since at least 2011, but the last time it used it was in June 2013. No final date has been given China would lose access to a strategic space tracking station in Western Australia when its contract expires, the facility’s owners said, a decision that cuts into Beijing’s expanding space exploration and navigational capabilities in the Pacific region. The Swedish Space Corp (SSC) has had a contract allowing Beijing access to the satellite antenna at the station since at least 2011. The station is located next to an SSC satellite station primarily used by the US and its agencies, including NASA. The Swedish state-owned company said it would not enter into any new contracts at the Australian site to support Chinese customers after