Chalk up another one for the IRS. In addition to refund delays, unnecessary audits and reams of ridiculous red tape, the government agency has just scored another consumer nightmare: its computer system was hacked, and the agency does not exactly know when.
Personal data belonging to tens of thousands of American taxpapers was stolen by the hackers, believed to part of an organized crime syndicate.
Congress was notified last week, ahead of releasing the information to the media, but stayed mum in order to allow investigators to open and pursue a criminal case.
Nevertheless — perhaps even unbelievably — Federal Tax Commissioner John Koskinen told reporters in a conference call on Tuesday, “This is not a security breach. Our basic information is secure.”
Legislators do not agree.
“That the IRS – home to highly sensitive information on every single American and every single company doing business here at home – was vulnerable to this attack is simply unacceptable,” said U.S. Senator Orrin G. Hatch (R-UT). Chairman of the Senate Finance Committee which oversees the IRS, Hatch told reporters the agency has been warned repeatedly to do more to protect taxpayers, but “fell short.”
According to the commissioner, the hackers exploited the recently developed ’Get Transcript’ application to access tax returns of taxpayers going back five years or more.
The app was praised in 2014 as part of President Barack Obama’s initiative to streamline the government. At the time, the IRS insisted it was taking strong security steps to backup the app, which used the kind of information requested and stored by credit ratings bureaus.
Out of some 200,000 attempts to access individual records, said Koskinen, the hackers succeeded 104,000 times.
In order to cover their tracks, they filed fraudulent returns, although it appears they only managed to submit some 15,000 or so.
But the breach wasn’t even noticed until mid-May; it was only picked up when IRS workers picked up odd Internet activity from the tax filing season.