IRS Commissioner John Koskinen took heat from lawmakers Wednesday over the recent breach of 100,000 people’s tax records.
Senate Finance Committee Chairman Orrin Hatch, R-Utah, slammed Koskinen Wednesday during his opening remarks and said the IRS must work to prevent similar breaches in the future.
“Your agency has failed these taxpayers,” Hatch told Koskinen during the hearing.
The committee called for the hearing after the IRS last week announced a breach in its “Get Transcript” system. Criminals gained access to tax information by manipulating the system’s knowledge-based authentication system. Koskinen said last week the breach could mean the IRS lost as much as $50 million to fraudulent returns.
The commissioner told the committee the IRS will soon “announce an agreement on short-term solutions to help better protect personal information in the coming tax filing season and to continue to work on longer-term efforts to protect the integrity of the nation’s tax system.”
Koskinen was short on details, but he said he met with state tax administrators and tax preparation companies to find ways to better share information and enhance security for next year’s tax season.
Earlier this year, TurboTax temporarily shut down its state e-filing system after parent company Intuit Inc. found people were filing fraudulent returns through its tax prep software.
Koskinen also said his agency is dealing with largely outdated IT systems, including some that are close to 50 years old. The commissioner said his staff has tried to patch some of these systems, but they are so old, patches no longer exist or weren’t created.
Sen. Ron Wyden, D-Ore., the committee’s ranking member, said it’s crucial for the IRS to move its IT “out of the dark ages” if it wants to stop these kinds of problems.
“The era of punch cards and paper forms ended long ago,” Wyden said. “Federal agencies like the IRS need to tap into the expertise of our leading tech firms, who serve hundreds of millions of users. That expertise will allow IRS the avoid the pitfalls of the past.”
J. Russell George, the Treasury inspector general for tax administration, told the committee that despite the aging systems, his office has recommended several security adjustments to the IRS. George said the agency has only instituted a handful of the recommendations his office made in recent audits.
“It is a daunting task to protect data and IT systems,” George said. “Security controls that may have worked in the past may not work if hackers are persistent.”
Koskinen said the IRS is always working to upgrade systems where it can, but it is hamstrung by the recent loss of several staffers from its IT department, along with constrained budgets and the unfunded mandate to align its systems with the tax penalties related to Healthcare.gov.
The commissioner also told the committee the IRS would like a system that gives it more information related to W-2 and 1099 forms, which would give the agency a better chance at catching fraudulent filings before they are paid out.