Senators scold IRS for data insecurities as tax agency claims more than 1mn daily hack attempts

© Kacper Pempel
US senators accused the Internal Revenue Service of failing to protect Americans’ private data during a hearing in which the head of the IRS revealed that over a million “malicious attempts” at hacking take place every day against the agency’s computers.

Despite mounting criticism, IRS Commissioner John Koskinen told the Senate Finance Committee that his agency has made “steady progress” in dealing with fraudulent refund claims. 

However, the IRS is now dealing with a much more serious problem, notably, “organized crime syndicates.”

“They are gathering, as the chairman noted, almost unimaginable amounts of personal data from sources outside the IRS so they can do a better job of impersonating taxpayers, evading our return-processing filters and obtaining fraudulent refunds,” Koskinen said in his opening statement Tuesday.

According to the commissioner’s estimate, the IRS computers “withstand more than 1 million malicious attempts to access them each day.”

“We work continuously to protect our main computer systems from cyber attacks and to safeguard taxpayer information stored in our databases,” Koskinen said.

In February, the IRS admitted that hackers might have targeted 1.2 million accounts on its “Get Transcript” application, which gives taxpayers immediate access to their tax history online.

In written testimony to the committee, Koskinen wrote that the agency has “initially identified approximately 114,000 taxpayers whose transcripts had been accessed and approximately 111,000 additional taxpayers whose transcripts were targeted but not accessed” during last year’s tax filing season.

However, despite the positive outlook, senators have accused the IRS failing to provide a proper protection of Americans’ private data. Some lawmakers pointed fingers at the government and Congress in particular.

"It was unacceptable for the IRS to leave the front door open to hackers by using a weak authentication process for its 'get transcript' system," said Sen. Ron Wyden (Oregon), top ranking Democrat on the Finance Committee, adding that it means that thieves could “steal the tax information of three quarters of a million taxpayers."

"In my view, taxpayers have been failed by the agencies, the companies and the policymakers here in Congress they rely on to protect them,” he said.

READ MORE: ​IRS says records of more than 100,000 taxpayers hacked

Sen. Chuck Grassley (R-Iowa) has accused the IRS of failing to implement inexpensive recommendations which it received from the Government Accountability Office such as changing passwords on some of its servers every 90 days or providing online security training to new contractors.

Sen. Tom Carper (D-Delaware) called out his colleagues for failing to financially support the IRS so it could improve its cybersecurity.

“When it comes to protecting American taxpayers’ sensitive information online, Congress continues to ask the IRS to do more with less by enacting deep and damaging cuts to the agency’s budget,” Carper said.

For the fiscal year 2016, which began October 1, 2015 and ends September 30, 2016, the IRS’s funding was increased by $290 million to $11.2 billion, a sum which included assets to fight cyber fraud and identity theft.

However, Carper lambasted his colleagues for withholding needed funds from the IRS.

“Over the last five fiscal years, with roughly a 10 percent reduction in funding from 2010 to 2015, Congress has cornered the IRS into cherry picking what services it can afford to provide American taxpayers,” he said.