Negligence: IRS Was Warned About Potential Hacking of Sensitive Taxpayer Information, Did Practically Nothing

Posted: Jun 03, 2015 8:10 AM
Negligence: IRS Was Warned About Potential Hacking of Sensitive Taxpayer Information, Did Practically Nothing

IRS Commissioner John Koskinen was in the hot seat on Capitol Hill yesterday over a massive data breach and hacking of highly sensitive taxpayer information, including social security numbers. A number of taxpayers whose information was stolen have also lost their identities. 

Information and testimony given by Inspector General Russell George revealed the IRS was given multiple warnings and recommendations about how to prevent an attack or breach. The IRS failed to implement all of the recommendations given. More from Americans For Tax Reform (bolding is mine):

Over the last decade the IRS has failed to implement numerous recommendations that would make taxpayer information more secure. At a Senate Finance Committee hearing today Treasury Inspector General for Tax Administration (TIGTA) Chief J. Russell George revealed that the IRS failed to implement 44 recommendations that would improve the IRS’s ability to protect taxpayer information from hackers. Of these 44, ten recommendations were from audits over three years old.

If the IRS had implemented these recommendations, taxpayer information would be better protected and last week’s hack may have been prevented. As George said during today’s hearing, “It would have been much more difficult had they (IRS) implemented all of the recommendations that we made.”

Since 2007, the IRS has been warned at least seven times by watchdog groups that it needed to strengthen its protections of taxpayer information.

In a 2014 report, TIGTA warned that if stronger protections are not implemented, “taxpayers could be exposed to the loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.” The report was the latest in a series of warnings about the agency’s inability to protect taxpayer information.

A 2013 report found that the IRS had failed to fully implement eight recommendations that would increase security over taxpayer data despite telling TIGTA they had been implemented. A 2011 report found that taxpayer data was vulnerable to hackers and stronger security measures were needed and in 2010, TIGTA found that the agency had inadequate safeguards to protect taxpayer information from contract workers.

Instead of modernizing its system to protect taxpayer information from hackers, the IRS wasted taxpayer dollars by purchasing Nerf footballs that were never used, the world’s largest crossword puzzle, $100 lunches, and Thomas the Tank Engine Wristbands. 

The IRS also spent millions of tax dollars on the production of a series of Star Trek, Gilligan's Island and dance videos.

As Senator Tim Scott mentions in the interview above, the IRS receives $1 billion each year for IT work. 

Meanwhile, despite the breach and likely identity theft of 200,000 taxpayers thanks to the negligence of IRS officials, Americans are still required by law to submit personal information to the tax agency or face penalties, fines and in some cases, prison time.