A report on IRS identity theft protections by the Treasury Inspector General for Tax Administration was publicly released today, revealing that an estimated 2.2 million tax returns were not entered into a key system used in fraud detection.
According to the report, the 2.2 million returns were not uploaded into the Dependent Database, known as DDb, due to “an oversight.” The IRS was not aware of its failure to load the returns into DDb until notified by TIGTA on Feb. 13, 2015. The IRS eventually corrected the issue three weeks later, on March 6, 2015.
The TIGTA report, titled “Continued Refinement of the Return Review Program Identity Theft Detection Models Is Needed to Increase Detection” notes the failure to recognize some legitimate identity theft cases and failure to properly maintain taxpayer data between the DDb system and an additional fraud detection filter, the Return Review Program (RRP), occurred in part because the IRS did not fully implement all capabilities of the selection models such as filters and flagged selection groups.
“Internal IRS guidelines require tax examiners to monitor the taxpayer’s account to determine whether the taxpayer updated their address or provided a reasonable explanation of why the refund was returned undeliverable. If after 30 calendar days the taxpayer has not satisfactorily resolved the issue and the refund has not been reissued, the IRS will treat the refund as being associated with an identity theft tax return and reverse the fraudulent tax return’s data entries from the taxpayer’s account and place an identity theft indicator on the taxpayer’s account. When we brought this to IRS management’s attention on July 10, 2015, the IRS responded that it had not started this process nor has a start date for this process been established.”
When questioned, IRS officials “did not have an explanation as to why procedures were only changed for checks returned undeliverable”.
The Office of Audit commented on this problem:
“Review of the 70 accounts found that 61 did not have the required undeliverable tax refund check process identity theft indicator. For the remaining nine, the indicators were added subsequent to the completion of our analysis”-- meaning these taxpayers did not get their refund and accounts were flagged as fraudulent.
Failure to protect taxpayer data is not an isolated case when it comes to the IRS. Last year, the agency’s ineptitude resulted in the taxpayer data of 330,000 filers being stolen, despite countless watchdog warnings.
Since 2007, the IRS was warned at least seven times by watchdog groups that it needed to strengthen its protections of taxpayer information. Most recently:
- In a 2014 report, the Treasury Inspector General for Tax Administration (TIGTA) warned that if stronger protections are not implemented, “taxpayers could be exposed to the loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.”
- A 2013 report found that the IRS had failed to fully implement eight recommendations that would increase security over taxpayer data despite telling TIGTA they had been implemented.
- A 2011 report found that taxpayer data was vulnerable to hackers and stronger security measures were needed.
- In 2010, TIGTA found that the agency had inadequate safeguards to protect taxpayer information from contract workers.
- IRS May Still Be Targeting Conservative Groups
- IRS Erases Hard Drive Despite Court Order
- Hatch Seeks Answers From IRS On Deleted Hard Drive
- Latest IRS Power Grab Takes Aim at Charitable Donations
- Congress Should Impeach IRS Commissioner John Koskinen
- Obama Justice Department Lets Lois Lerner Walk Free
- Lois Lerner's IRS Granted Only ONE Conservative Group Non-Profit Status in Three Years
- Senate Report: Lois Lerner's Political Views Resulted in Disparate Treatment of Conservative Groups
- How Exactly Did Lois Lerner's Hard Drive Receive "scoring on the top platter"?
- IRS Failure to Heed Watchdog Warnings Puts 330,000 Taxpayers at Risk
- IRS "Midnight Unit" Destroyed Backup Tapes With Lois Lerner Emails
- The Curious Case of Lois Lerner's Physically Damaged Hard Drive
- IRS Failed to Search Five of Six Locations for Lois Lerner Emails
- IRS Used Instant Messaging System to Hide Internal Communications
- House Oversight Committee Details Case for Removal of IRS Commissioner
- Watchdog: IRS May Still Be Targeting Conservative Non-Profits
- IRS Watchdog: Agency Failed to Heed Taxpayer Data Breach Warnings