Washington, D.C. – The Research and Technology Subcommittee today held a hearing to hear from IRS Commissioner John Koskinen following a recent Government Accountability Office (GAO) report that highlights severe cybersecurity vulnerabilities at the agency. Such security gaps could expose taxpayers’ most sensitive data to hackers and cyber criminals. The IRS has failed to fully implement 94 outstanding GAO cybersecurity recommendations.

Research & Technology Subcommittee Chairwoman Barbara Comstock (R-Va.): “As the deadline to file taxes winds down, the only question on taxpayers’ minds should be when they will receive their tax refund, and not whether someone else has already beaten them to it. As someone whose information was compromised in last year’s OPM hack, I assure you, more security is better than less.”

On May 26, 2015, the IRS announced that criminals had gained unauthorized access to taxpayer information through an online application by accurately answering taxpayers’ security questions.  As a result, over 700,000 taxpayers have had their personal and tax data stolen. 

Chairman Lamar Smith (R-Texas): “For cyber criminals, this information is similar to making duplicate keys to your house.  It’s a license to steal whenever and wherever the criminals find an opportunity.  The IRS security breach demonstrates once again that rigorous adherence to all cybersecurity protections must be the top priority for every federal agency. Slow responses and partial measures at the IRS do not protect innocent Americans from these cyber-attacks. The government should be accountable to the people and keep Americans’ sensitive information secure.”

According to a report published last November by the Treasury Inspector General for Tax Administration (TIGTA), the IRS’ identity authentication methods for online services do not comply with Government Information Security Standards.  As a result of these vulnerabilities, the TIGTA report found that, “unscrupulous individuals have gained unauthorized access to tax account information.”

For more information on the hearing, including witness testimony and the archived webcast, please visit the Committee’s website.