The IRS was recently hit with a massive data breach that compromised the records of more than 100,000 taxpayers. However, some experts believe that the IRS breach would have been 'much more difficult' to execute if security upgrades were implemented prior to the incident.
J. Russell George, treasury inspector general for tax administration, explained at a Senate committee hearing in early June that the IRS failed to implement dozens of security upgrades that could have helped deter hackers.
George told the panel that 44 security recommendations to the IRS, including suggestions to apply high-risk computer security upgrades known as patches and monitor its servers, “have yet to be implemented.” Ten of these recommendations were allegedly made more than three years ago.
In addition, the Government Accountability Office issued a report in March that identified more than 50 weaknesses in the IRS's computer security that hadn't been resolved, according to Associated Press.
Until those weaknesses are addressed, “financial and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification or disclosure,” the GAO told the AP.
The breach occurred on an IRS website called Get Transcript, which lets taxpayers download their tax returns and other tax filings from previous years. Hackers attempted to download transcripts from about 200,000 email domains and made a total of 104,000 successful downloads, according to The Guardian.
However, since the hackers had to insert Social Security numbers, dates of birth, tax filing statuses and street addresses to download these documents, the IRS believes the hackers obtained this information from somewhere other than the agency. The source of the information has not been identified.
Experts point to cuts in cybersecurity funding, which have decreased by 20 percent since 2011, to $149 million in 2015, as a potential drawback when it comes to taking proactive measures.
IRS Commissioner John Koskinen explained during the hearing that the agency requested $600 million over the past two years for computer upgrades related to the health law, but didn't receive any funding from Congress.
However, Koskinen explained that he doesn't want to point his finger at budget cuts.
“Not every problem is a budget problem, so I don't want to wander around town every time we have a challenge saying, 'Ah, if we had more money, we'd fix it,'” Koskinen said. He explained that this is a "technology issue," rather than a budget issue.
Panel chairman Orrin Hatch explained during the hearing that the IRS “failed” those taxpayers whose records were compromised.
Hatch said, “We must pledge to work together to make sure that this type of breach does not happen again.”
He also said he believes the IRS will be more frequently targeted in the future.
“The IRS stores highly sensitive information on each and every American taxpayer, from individual taxpayers to large organizations and mom and pop businesses to multinational corporations,” Hatch explained.