Lawmakers alarmed by scale of IRS security threats


Lawmakers are sounding the alarm over the vulnerability of sensitive taxpayer data as the Internal Revenue Service’s deadline for the 2017 tax filing season looms.

Cyber criminals have increasingly turned to hacking and phishing email schemes to obtain sensitive taxpayer information, which can be used to commit tax fraud or identity theft.

The issue has caught attention on Capitol Hill, with lawmakers from both parties putting pressure on the IRS to do more to protect taxpayers.

“Criminals are becoming even more sophisticated and ruthless in ways they commit tax identity theft and file fraudulent returns with ill-gotten personal information,” Rep. Steve Chabot (R-Ohio), chair of the House Small Business Committee, said at a hearing on Thursday. “At a minimum, the goal of the IRS must be to make this crime harder, not easier, for identity thieves to commit.” 

“It has become clear that the IRS, like all agencies trusted with the American people’s most sensitive personal information, needs to step up its game,” he said.  

The IRS itself was a target of a successful breach in 2015 that exposed personal data in upwards of 700,000 taxpayer accounts. Last year, IRS Commissioner John Koskinen told lawmakers that there are over a million malicious attempts to breach the department’s computer systems each day.

This week, Senate Finance Committee ranking member Ron Wyden (D-Ore.) sent a pair of letters to Koskinen expressing concerns about the agency’s cybersecurity efforts. He pressed the IRS to make better use of an email authentication tool that helps block phishing emails that target taxpayers.

The IRS witnessed a roughly 400-percent surge in phishing and malware incidents during last tax season, in which emails impersonated the IRS or other tax industry entities to trick taxpayers into handing over information.

Wyden also took issue with President Trump’s budget blueprint released in March, which would cut $239 million from the IRS. 

“This continued budgetary onslaught can only result in the agency increasingly being unable to provide basic customer service to taxpayers, much less safeguard taxpayer data from cyber criminals who would wreak havoc with their financial livelihoods,” Wyden wrote. 

On Thursday, a U.S. Treasury watchdog testifying before the Small Business Committee indicated that budget reductions have limited the agency’s ability to safeguard taxpayer data. 

Russell George, the Treasury inspector general, said that the agency has done less in the area of working with e-filing providers to secure taxpayer data as a result of reduced funding.

At the same time, George noted that the new administration’s formal budget has not yet been released with specific details about the reductions to the IRS. 

“The bottom line is, with additional resources, the IRS could do more,” George said. 

While cutting funding, Trump’s budget proposal directs the IRS to focus resources on fighting identity theft, fraud, and reducing the deficit through enforcement of tax laws. It also calls on the Treasury Department to strengthen cybersecurity.

Conservatives lambasted the IRS during the Obama administration for targeting right-leaning groups for tax scrutiny and wasting funds. 

Chabot emphasized on Thursday his belief that the organization does not have a funding problem.

“To be clear, this is not an issue of funding at the IRS. It is an issue of priorities at the IRS,” Chabot said.

“If the IRS can pay out big bonuses to its employees — some of whom were implicated in the targeting of Americans for their political views — it should be able to find the money to protect people’s data from identity thieves.”