IRS Watchdog: Agency Failed to Heed Taxpayer Data Breach Warnings
Last week the IRS disclosed that hackers had stolen the personal tax information of over 100,000 households and used it to file fraudulent tax returns. If the IRS had taken the necessary steps to safeguard taxpayer data, it is possible the hack could have been prevented. Over the past decade, the IRS was repeatedly warned by watchdog groups it needed to increase its protection of taxpayer information.
Over the last decade the IRS has failed to implement numerous recommendations that would make taxpayer information more secure. At a Senate Finance Committee hearing today Treasury Inspector General for Tax Administration (TIGTA) Chief J. Russell George revealed that the IRS failed to implement 44 recommendations that would improve the IRS’s ability to protect taxpayer information from hackers. Of these 44, ten recommendations were from audits over three years old.
If the IRS had implemented these recommendations, taxpayer information would be better protected and last week’s hack may have been prevented. As George said during today’s hearing, “It would have been much more difficult had they (IRS) implemented all of the recommendations that we made.”
Since 2007, the IRS has been warned at least seven times by watchdog groups that it needed to strengthen its protections of taxpayer information.
In a 2014 report, TIGTA warned that if stronger protections are not implemented, “taxpayers could be exposed to the loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.” The report was the latest in a series of warnings about the agency’s inability to protect taxpayer information.
A 2013 report found that the IRS had failed to fully implement eight recommendations that would increase security over taxpayer data despite telling TIGTA they had been implemented. A 2011 report found that taxpayer data was vulnerable to hackers and stronger security measures were needed and in 2010, TIGTA found that the agency had inadequate safeguards to protect taxpayer information from contract workers.
Instead of modernizing its system to protect taxpayer information from hackers, the IRS wasted taxpayer dollars by purchasing Nerf footballs that were never used, the world’s largest crossword puzzle, $100 lunches, and Thomas the Tank Engine Wristbands.
The IRS has also repeatedly failed to produce tax complexity reports despite being legally required to do compile one each year. As the National Taxpayer Advocate noted in its Annual Report to Congress, the agency has only ever completed two reports, in 2000 and 2002. The IRS says it requires “about two full time employees working for about a year” to complete the report, which it apparently cannot find despite having over 82,000 full time employees.