IG: IRS failed to upgrade security before cyberattack

Associated Press

WASHINGTON

The IRS failed to implement dozens of security upgrades to its computer systems, some of which could have made it more difficult for hackers to use an IRS website to steal tax information from 104,000 taxpayers, a government investigator told Congress Tuesday.

The agency’s inspector general couldn’t say whether the upgrades would have prevented the breach. But, he added, “I can say it would have been much more difficult had they implemented all of the recommendations that we made.”

Each year, the Treasury inspector general for tax administration audits the IRS’s security systems and recommends improvements. As of March, 44 of those upgrades had not been completed, said the inspector general, J. Russell George.

Ten of the recommendations were made more than three years ago.

In addition, the Government Accountability Office issued a report in March that identified more than 50 weaknesses in the IRS’s computer security that had not been resolved. Until those weaknesses are fixed, “financial and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification or disclosure,” the GAO said.

George testified Tuesday before the Senate Finance Committee.

He was joined by IRS Commissioner John Koskinen, who disputed George’s claims that the upgrades would have helped deter the breach.