As Americans get perilously close to the April 18 deadline to file their taxes, officials testified in Washington on Tuesday about the threats the federal tax system faces from online attackers.
“We need to be able to anticipate the criminals’ next moves, and attempt to stay ahead of them,” Internal Revenue Service Commissioner John Koskinen said at a hearing of the Senate Committee on Finance on Tuesday. “We need to keep the criminals out while letting the legitimate taxpayers in.”
The IRS thwarted 1.4 million fake returns that identity thieves attempted to file last year, Koskinen said in prepared testimony, preventing the loss of about $8.7 billion in stolen tax refunds. Testimony from the Government Accountability Office on Tuesday said that the IRS estimated that $3.1 billion was paid out in fraudulent returns over the 2014 tax season, and $22.5 billion in fake returns was thwarted.
"The reality is criminals are becoming increasingly sophisticated and are gathering vast amounts of personal information as the result of data breaches at sources outside the IRS," Koskinen said.
In May 2015, the IRS said criminals had used the agency’s online “Get Transcript” system to obtain information that could be used to file fraudulent returns. A nine-month investigation found that accounts for as many as 390,000 taxpayers had been potentially accessed, while 295,000 more were targeted but not accessed.
“It was unacceptable for the IRS to leave the front door open to hackers by using a weak authentication process for its ‘get transcript’ system,” Sen. Ron Wyden, D-Oregon, said during Tuesday’s hearing. “It meant thieves could walk through the door and steal the tax information of three quarters of a million taxpayers.”
The IRS has received $290 million to help support upgrades to systems including its information security and ID theft protections. Wyden emphasized the challenges the IRS — like other federal agencies — faces in trying to entice top tech employees, who can often earn more working outside the government.