U.S. Rep. Barbara Comstock (R-VA) led a subcommittee hearing on Thursday that probed a recent report that found the IRS susceptible to cyberattacks.
In a report released in November, the Treasury Inspector General for Tax Administration (TIGTA) found that the IRS’s identity authentication processes for online services fell short of government information security standards.
Comstock, the chairwoman of the House Science, Space and Technology Subcommittee on Research and Technology, heard testimony from IRS Commissioner John Koskinen about the report.
“As the deadline to file taxes winds down, the only question on taxpayers’ minds should be when they will receive their tax refund, and not whether someone else has already beaten them to it,” Comstock said. “As someone whose information was compromised in last year’s (Office of Personnel and Management) hack, I assure you, more security is better than less.”
In May 2015, the IRS announced that cyber criminals had gained unauthorized access to the personal information of 700,000 taxpayers by correctly answering security questions on an online application.
U.S. Rep. Darin LaHood (R-IL), a member of the subcommittee, said that federal agencies must be able to protect sensitive information from cyber criminals if the federal government requires people to provide it
“The IRS remains highly vulnerable to hackers and cyberattacks, and yet the commissioner failed to sufficiently answer our committee’s questions on why the GAO’s recommendations have not been implemented,” LaHood said. “During the hearing (on Thursday), the IRS commissioner confidently cited a high rate of prevented breaches last year. But we aren’t talking about a grade on a test where a certain percentage merits a passing score, we are talking about the lives of hard working Americans. Until each taxpayer’s information is 100 percent secure, the IRS has no reason to be so confident. Americans need a better reason to feel confident in the IRS, and they still don’t have one.”
U.S. Rep. Randy Hultgren (R-IL), meanwhile, questioned Koskinen about assurances that the IRS could defend against cyberattacks given its “abysmal record” of holding agency officials accountable.
“In the real world, one would lose their job if they had not taken the necessary steps to ensure customer records are kept private,” Hultgren said. “Small businesses are threatened everyday by regulators if they aren’t in compliance with laws and regulations. The IRS must be held to the same level of accountability as the rest of America.”