The IRS claims it will finally fix the agency’s tech infrastructure.
But history shows that will likely not be the case, as the IRS has consistently failed to upgrade its aging technology for more than 40 years despite repeated funding surges and promises to get the job done.
Given the agency’s culture — with its lack of accountability for nonperformance — taxpayers shouldn’t get their hopes up.
Below is a timeline documenting the IRS tech failures, starting in 1982:
April 4, 1982: LAMENT OF THE REAGAN I.R.S.; By David Shribman, The New York Times
“Meanwhile, the I.R.S. is struggling with a data processing system that is, by its own admission, ‘grossly short of the capacity and modern state-of-the-art efficiency that is essential for an effective tax system in the 1980’s.’
Its computer data facilities, parts of which are as many as 17 years old, must be replaced. The agency plans to put into effect a modernization program by 1985, replacing computers in its local service centers, buying a computerized microfilm research system and replacing outmoded hardware at the service’s National Computer Center.
‘Without this,’ Mr. Egger said, ‘we face the prospect of breakdowns which will make the service unresponsive to taxpayers and our own internal needs.’”
April 22, 1985: Taxes: Moving in Slo-Mo At the IRS; Time Magazine
“IRS Commissioner Roscoe Egger acknowledged last week that his agency is taking as long as twelve weeks to send out refunds, two weeks longer than last year. The sluggishness of the IRS, said Egger, is the result of glitches in setting up a new $103 million Sperry Univac 1100/84 computer system.”
Some anonymous IRS employees told journalists that the tax backlog had got so bad that agency workers had deliberately shredded thousands of returns.
April 29, 1985: IRS Problems Worse Than Previously Thought; By Anne Swardson, The Washington Post
“Internal Revenue Service computer and operational problems are more widespread than previously thought, and more than 150,000 taxpayers may have received erroneous dunning notices from the troubled Philadelphia Service Center alone, according to two new government reports.
Some area taxpayers who filed early in the tax season are experiencing unusually long delays in getting their refunds and, in a twist, taxpayers who waited longer to file are likely to get their refunds first.
The delays were caused by the failure of the $103 million computer system to record many returns the first time they were put through the system.”
“Rep. Doug Barnard Jr. (D-Ga.) has accused the IRS of ‘grossly inadequate planning’ for installation of its new computer, including underestimating the time it would take to train employees to use the system and choosing a computer language inappropriate to the type of computer.”
May 25, 1985: 1.5 MILLION TAX RETURNS DELAYED IN PROCESSING; By David E. Sanger, The New York Times
“The Internal Revenue Service, still suffering the effects of computer problems that plagued it earlier this year, said today that some taxpayers might have to file duplicate returns to get their refunds.
The I.R.S. said the processing of 1.5 million individual returns had been delayed because of problems registering them with its master computer file in Martinsburg, W.Va.
As a result, a large number of taxpayers – possibly several hundred thousand – may not receive their refunds until after the June 1 deadline that the Government is racing to meet. From that date, taxpayers who filed their returns on time are entitled to 13 percent annual interest on their refunds, at a potential cost to the Government of millions of dollars.
I.R.S. officials denied reports that large numbers of returns had been lost. But where the computer-encoded copy of a return has been accidentally erased, officials said, the revenue service may ask taxpayers to submit duplicates of their tax forms to get a refund. A revenue service spokesman said taxpayers whose refunds were long overdue should not send in duplicate returns until they had asked an I.R.S. employee to check their account.”
“The record backlog of troublesome returns comes just as the I.R.S. was emerging from the most turbulent tax-processing season in its history. The problems arose from the installation of a new $100 million Sperry Corporation computer system that was plagued with both programming errors and faulty tape drives, which record individual tax data on magnetic tape.”
January 28, 1986: I.R.S. ENDS COMPUTER CONTRACT; By By David E. Sanger, The New York Times
“The Internal Revenue Service today canceled a multimillion-dollar contract to install the second phase of its troubled new computer system, in a move that seemed likely to delay further any reduction of the growing backlog of tax disputes.
The cancellation came just days after a panel of three administrative law judges ruled that software used in the system selected by the agency last year did not meet the Government’s performance standards. In an opinion that was sharply critical of both I.R.S. management and several of the companies that bid on the system, the panel ordered the service to end the contract it awarded to Computer Systems and Resources Inc.
An I.R.S. spokesman, Roderick P. Young, said that the agency, which is still reeling from computer problems that snarled and delayed the processing of millions of tax returns last year, is now ‘examining our options.’ While the new equipment canceled today was not scheduled for installation until after the current tax season is over, it now appears unlikely that it will be in place by the 1987 tax season.”
February 10, 1986: Taxes: Downtime At the Irs; Time
On the front of this year’s federal income tax forms, the Internal Revenue Service printed a letter to taxpayers apologizing for foul-ups that delayed millions of refunds in 1985. About 16,000 taxpayers still have not received their checks.
The IRS is trying to fix the problem by upgrading its computer system, but that effort suffered a setback last week. IRS officials canceled a contract for $73 million worth of new computers and software to be supplied by Virginia-based Computer Systems & Resources, after a Government review panel found that the equipment had serious deficiencies. For one thing, the system’s mastery of COBOL, a computer language widely used in the Government, did not meet federal standards. The panel also concluded that the system would probably cost $101 million, instead of the $73 million estimated by the Virginia company.
IRS officials say that their current computers are adequate for the time being and that the processing of returns will be faster this year than in 1985. Many critics are skeptical. Says one professional tax preparer: “My advice to anybody expecting a refund is to get your return in early.”
April 8, 1990: The I.R.S.’s Bumbling Efforts to Update Its Computers; By David Burnham, The New York Times
“With the nation’s taxpayers struggling to complete their income-tax returns by next week’s deadline, the Internal Revenue Service is approaching the crossroads of an extraordinarily challenging effort to design and acquire a new network of computer equipment and software to process returns during the next decade.
But according to investigations by the I.R.S. itself, the $10.7 billion program is being undermined by a lack of technical expertise, an inability to keep track of project costs and a failure to develop a unified plan describing how the agency’s thousands of computers – mainframe, desktop and portable – would work together under the new structure. Planning for the Tax System Modernization Project began in 1987; the program is supposed to be fully in place by 1998.
The management problems are so severe, the investigators said, that the I.R.S. should consider cutting back on the acquisition of some new computer systems until the master operating plan is formulated.”
January 31, 1997: IRS admits its $4 billion modernizing is a failure Official says computers don’t work; agency wants to contract out tax returns; Baltimore Sun
“The Internal Revenue Service conceded today that it had spent $4 billion developing modern computer systems that a top official said ‘do not work in the real world’ and proposed contracting out the processing of paper tax returns filed by individuals. That would allow non-Government workers to see confidential information about the incomes of individual Americans.
Arthur Gross, an assistant commissioner of internal revenue who was appointed 10 months ago to rescue the agency’s efforts, said customer service representatives must use as many as nine different computer terminals, each of which connects to several different data bases, to resolve problems.
‘Dysfunctional as some of these systems may be today,’ Mr. Gross said, the I.R.S. ‘is wholly dependent on them” to bring in the $1.4 trillion in taxes that finance the Government. He expressed doubt that the agency was capable of developing modern computer systems, saying it lacked the ”intellectual capital’ for the job.”
“The failure of the modernization effort will mean years of frustration for taxpayers who get into a dispute with the I.R.S., especially one that involves records kept on two or more of its computer systems.
Mr. Gross said that for the foreseeable future the I.R.S. must continue to work with dozens of antiquated computer systems — some dating to the 1960’s — that cannot trade information with one another.”
September 23, 1997: NO CALL TO BASH THE IRS; By By Mortimer M. Caplin, The Washington Post
“Like many other government agencies, it has had its share of management errors and poor judgment. And major changes are long overdue: improving education and services for taxpayers, better training for IRS employees, modernizing computers and greater efforts to simplify and streamline the entire tax process.”
Nov. 4, 1997: Man in the News: Charles Ossola Rossotti; Hope for I.R.S. in 2000 By David Stout, The New York Times
“When President Clinton nominated Charles O. Rossotti to head the Internal Revenue Service, the candidate’s expertise in computers seemed ideal for an agency whose technology was outmoded and overwhelmed. When Mr. Rossotti was confirmed by the Senate today, he took on an even bigger mission: regaining the trust of the American people.
The I.R.S.’s computer problems, including machines that do not talk to each other very well and poor planning to accommodate the computer-baffling date change to the year 2000, were known when the President chose him on July 31.”
April 12, 1998: Moving a Mountain of Paper Taxes the IRS By Albert B. Crenshaw, The Washington Post
“The agency had hoped by now to be operating entirely with the latest in computer technology. But repeated efforts to design and install it have failed, enraging Congress.
The failures finally prompted the Clinton administration, with Congress’s enthusiastic backing, to appoint an IRS chief who is not a tax expert but knows computers. He is Charles O. Rossotti, the founder of American Management Systems Inc., a Northern Virginia technology company. Rossotti has said he is appalled by the state of the agency’s systems and is working to modernize them, but that has been delayed by the need to fix software bugs in the old computer systems so they can recognize dates after 1999.”
“The agency tried to automate this process with electronic equipment a few years ago. But the equipment didn’t work well in some ways and was removed, so back came the rubber stamps, presumably to stay until a more successful technology is installed in the pending computer overhaul for the IRS as a whole.”
March 2, 1999: SLOPPY BOOKS COST IRS MILLIONS; By Deborah Orin, The New York Post
“And it says IRS computer security is so weak that unauthorized people could get hold of sensitive taxpayer information such as financial data that ‘may be used to commit identity fraud.’”
March 1, 2000: IRS ‘s Woes Costing Billions, GAO Says; Watchdog Agency Urges More Changes; By Albert B. Crenshaw, The Washington Post
“Poor internal management at the Internal Revenue Service is costing the federal government billions of dollars in uncollected taxes and improperly paid refunds, at the same time that the agency places unnecessary burdens on some honest taxpayers, the General Accounting Office said yesterday.
The analysis, detailed in the congressional watchdog’s annual audit of the IRS’s books and accompanying testimony before a House subcommittee, concluded that while the agency has been improving in the wake of new laws and new management, it still needs to make major changes.”
October 16, 2000: The Fix Isn’t In: IRS is still struggling to modernize its ancient software; By Jim McTague, Barron’s
“The rosiest budget forecasts, as well as the most pessimistic, take a fully-functioning tax-collection system for granted. Imagine, then, the fiscal chaos (and perhaps bliss for individuals) that might ensue if the Internal Revenue Service’s 35-year-old computer software suddenly crashed. Tax collectors, who take in almost $2 trillion a year, might lose track of returns and be unable to determine for months, if not years, exactly who had paid their taxes. Hundreds of billions in revenues might remain uncollected, even after the IRS was up and running again. The government might have to borrow to make good on the spending promises being made by presidential contenders Gore and Bush.
This scenario isn’t a mere stretch of the imagination. Although the tax agency is modernizing its core software, the changeover is occurring at a bureaucratic jog, not a free-market sprint. New software won’t be delivered until next year, and programmers won’t begin installation until 2002. The core computer system of the IRS, which contains all taxpayer records, is so fragile, the old software will have to be replaced in stages over several years. It’s akin to replacing the foundation of a building, brick by brick.
In the meantime, the IRS will have to rely heavily on the old programming language, which over four decades has become so complex, disjointed and jury-rigged that large parts of it could crash at any moment.”
“Like old plumbing, the current software is prone to leaks. In July, the IRS discovered that a computer glitch had caused it to short-change taxpayers of $25 million in refunds over several years. Some leaks are very costly to repair, especially when you consider that the IRS plans to trash the old system by the end of the decade. Ridding the existing core software of the Y2K bug alone cost $1.4 billion.”
August 23, 2001: TECHNOLOGY; PeopleSoft Gets Contract With I.R.S. For Software; By Chris Gaither, The New York Times
“The I.R.S. has found that task impossible, with a 35-year-old computer system and 125 million individual tax returns filed each year. The agency’s current central database, which is being replaced by next year, offers no way for I.R.S. service representatives to note their interactions.”
December 11, 2003: At I.R.S., a Systems Update Gone Awry; By David Cay Johnston, The New York Times
“After five years, a project to replace the Internal Revenue Service’s aging file-keeping computer system with modern technology is so far behind schedule that the I.R.S. has told the prime contractor that unless it improves its performance by the end of the month, the government may have no choice but to fire it.
The project, which was expected to cost $8 billion when completed, has spent less than $1 billion so far, but it is already 40 percent over budget for what it has done, according to the I.R.S. Oversight Board, an independent watchdog body that Congress created in 1998.
Most taxpayers are younger than the computer system that the I.R.S. relies on to maintain its master files on individuals and businesses — all the records of who they are, where they are, their income, taxes paid, and the amounts they still owe or are owed as refunds.”
February 13, 2004: IRS commissioner bars CSC from upcoming projects; By Juan Carlos Perez, IDG News Service
“In December, the IRS Oversight Board blasted both the IRS and CSC for problems with the IT modernization effort, including poor planning, poor execution and blown deadlines (see story). CSC is the primary contractor for the Business Systems Modernization (BSM) project, a multiyear and wide-ranging effort to significantly revamp the tax agency’s infrastructure and allow the IRS to operate more efficiently and provide better service.”
April 1, 2004: No Easy IT Fix for the IRS; By Elana Varon, CIO.com
“The internal revenue service’s Master File is an accident waiting to happen. A legacy of the Kennedy administration, this database stores the taxpaying histories of 227 million individuals and corporations, including every transaction between taxpayers and the IRS for the past 40 years. The Master File is used to determine if you’ve paid what you owe, and without it the government would have no way to flag returns for audits, pursue tax evaders or even know how much money is or should be flowing into its coffers.
Yet the system still runs code from 1962, written in an archaic programming language almost no one alive understands. Every year, programmers, some who have worked at the IRS for decades, add new code to the Master File to reflect new rules passed by Congress. As a result, the system has become a high-tech Rube Goldberg machine. Those familiar with the Master File say it is poised for a fatal crash that would shut the government down.
Congress and the IRS had hoped that by this tax season, this fragile system would be partially replaced by a centralized database that could provide both IRS agents and individual taxpayers with daily updates of taxpayer accounts, just as credit card companies and banks do, enabling speedier refunds and more timely customer service. This new Customer Account Data Engine, or CADE, is part of a massive $8 billion modernization program launched by the IRS in 1999 to upgrade its IT infrastructure and more than 100 business applications.
But the program, called Business Systems Modernization, has stumbled badly, running into serious delays and substantial cost overruns. The first of multiple software releases planned for the new database (which would enable faster processing of returns and faster refunds for 6 million out of the 21.5 million people who file the 1040EZ form) is nearly three years late and $36.8 million over budget. Eight other major projects have missed deployment deadlines by at least three months, and costs have ballooned by more than $200 million, according to the U.S. General Accounting Office and the congressionally chartered IRS Oversight Board, an independent panel of tax industry and technology experts who advise the IRS and Congress.
Those familiar with the program say the fault lies largely with the IRS’s entrenched bureaucracy. The agency did not follow its own procedures for developing the new systems and failed to give consistent direction and oversight to Computer Sciences Corp. (CSC), the vendor it hired to do the work. Longtime managers resistant to change undercut CSC and the private-sector IT executives who were hired to oversee the program, according to Mark Forman, who, as associate director for IT and e-government at the Office of Management and Budget, oversaw the government’s major IT initiatives from June 2001 until last summer. Three CIOs have come and gone in the seven years since planning began for Business Systems Modernization.”
May 5, 2008: IRS trudges on with aging computers; By Anne Broache, CNET
“The Internal Revenue Service has been trying for years to upgrade its antiquated mainframe computers, which process Americans’ tax returns by churning through millions of lines of assembly code written by hand in the early 1960s.
But after more than 20 years and over $5 billion, there’s still no end in sight. Not all computer systems can talk to each other, information isn’t available in real time, and tax returns filed on paper are often manually entered by typists.”
“The IRS’ long-term goal is to run its operations with the efficiency Americans expect of banks and credit card companies, but it has consistently fallen short. Right now, for instance, a taxpayer who submits a tax return on a Monday will likely find that it will not be processed until at least the following weekend, thanks to limitations in the antiquated core of the agency’s tax-processing apparatus. Over $3 billion was wasted in an earlier upgrade attempt in the 1990s. Last year, computer problems caused the IRS to erroneously hand out an estimated $318 million in fraudulent refunds.
Government audits show that the many years of planned upgrades have been dogged by the same missteps that plague so many massive government computer upgrades: inadequate management, ill-defined goals, repeated cost overruns, and failure to meet deadlines and expectations”
September 4, 2008: IRS finds unauthorized Web servers connected to its networks; By Jill Aitoro, Nextgov
The Internal Revenue Service found more than 1,000 unauthorized Web servers connected to its networks, leaving the agency’s systems open to hackers, according to a report released on Thursday by the IRS inspector general.
In September 2007, the IRS Computer Security Incident Response Center scanned the agency’s Web servers and identified 2,093 that had at least one security vulnerability. When the center matched those servers to the IRS database of registered Web sites and servers, an inventory of systems that the agency uses to perform security maintenance and apply patches, it found 1,811, or 87 percent, were not listed in the database.
Of the unregistered servers, the IRS identified 661 that were used for legitimate agency business, leaving 1,150 servers being used for potentially unauthorized activity, according to the report.
“Unauthorized servers pose a greater risk [than authorized servers] because the IRS has no way to ensure that they will be continually configured in accordance with security standards and patched when new vulnerabilities are identified,” the IG wrote in the audit report. “Malicious hackers or employees could exploit the vulnerabilities on these Web servers to manipulate data or to use the servers as launch points to attack other computers connected to the network.”
November 20, 2009: IT turkeys: 7 government projects worthy of a roast; By Kevin McCaney, FederalComputerWeek
More than 20 years ago, the IRS launched its Business System Modernization program to replace its Master File system, parts of which dated to the Kennedy administration. By 1995, after eight years and $2 billion, the agency told Congress it had made only marginal improvements. In 1999, an IRS assistant commissioner speaking at the FOSE trade show called the modernization program a $3.3 billion failure, and said most of its technology did not work. At that point, the agency was already starting over with a $5 billion contract to CSC, awarded the previous December. The project has continued with a mix of progress and setbacks. The Customer Account Data Engine, for example – described by an official as “the centerpiece of our modernization efforts” — began processing more than 25 percent of taxpayer returns in 2008. But by June 2009, IRS had halted CADE’s development. The saga continues.
November 25, 2013: Why Your Tax Returns Aren’t Safe with the IRS; By Brianna Ehley, The Fiscal Times
Serious security weaknesses in the Internal Revenue Service’s data system have left millions of taxpayers’ sensitive financial information vulnerable to hackers.
The agency claims it has fixed the problem, but its auditors beg to differ.
A new report released by the Treasury Inspector General for Tax Administration (TIGTA) found that although the IRS claimed it had implemented 19 fixes to secure the system recommended by the auditor in previous years, at least eight (or 42 percent) of them “had not been fully implemented,” and should not have been checked off as completed.
The auditors said the IRS never tracked its progress on the repairs, and in many cases, it closed cases without submitting documentation to prove the fix was complete. The auditors blamed it on “weakened management controls.”
The report also found that the agency didn’t properly scan servers—which contain taxpayer information– for “major vulnerabilities,” or properly lock user accounts, and it did not update software on databases.
“When the right degree of security diligence is not applied to systems, disgruntled insiders or malicious outsiders can exploit security weaknesses and may gain unauthorized access,” Treasury Inspector General J. Russell George said.
June 2, 2015: Investigator says IRS failed to upgrade security ahead of cyberattack; By Stephen Ohlemacher, Lubbock Avalanche-Journal
George suggested that the IRS should strengthen its management controls, as well as provide additional training to employees involving uploading data to implement fixes.
The IRS responded to the auditor, saying it has already issued a new manual to staff to help improve monitoring practices.
The auditor’s warning comes 4 ½ months after the IRS inadvertently posted thousands of Social Security numbers on a government website. Additionally, a security breach in November 2012 revealed that 74.7 GB of data was stolen from South Carolina’s Dept. of Revenue, exposing Social Security numbers of 3.8 million taxpayers along with credit card numbers and bank account data.
November 25, 2013: The IRS’s Unusual IT ‘Success Story’ is Failing; By Biranna Ehley, The Fiscal Times
A major technology initiative at the Internal Revenue Service that was previously dubbed a “rare federal IT success story” has missed its deadline and is tens of millions of dollars over budget.
The latest attempt by the IRS to shift the data of 140 million taxpayers from an old master file on 1960s-era software to a modernized database is now estimated to cost $83 million – or 74 percent more than the agency anticipated, according to a new report from the Treasury Inspector General for Tax Administration (TIGTA).
The project, known as the Customer Account Data Engine 2 (CADE 2), missed its June deadline and won’t be ready until at least January of 2014. The new system, which will house all taxpayer data filed electronically, still lacks a functional security system, the audit said.
CADE 2, which the Government Accountability Office called a “successful major IT acquisition” in 2011, now seems to be following in the footsteps of its predecessor, CADE 1 – which was the IRS’s first attempt to modernize its taxpayer database.
CADE 1 eventually fell two years behind schedule and went $37 million over budget due to inadequate definitions of system requirements and inaccurate cost and timeframe estimates, according to the GAO.
It was ultimately scrapped. In 2008 then-IRS commissioner Doug Shulman brought in an IT expert from Boeing, Terry Mulholland, to try again. Critics say transitioning the data from the old file to a new modern system was easily doable decades ago, and question why it has taken the IRS so long.
CADE 2 is eventually supposed to replace the current Individual Master File (IMF) with a relational database. The new system will allow the IRS to update taxpayer accounts and process tax returns quickly and easily every day, compared to the current system, which can only be updated weekly. The IRS says CADE 2 will be a “key component of the IRS’s data-centric technology strategy.”
That’s if it doesn’t meet the fate of CADE 1.
“I am troubled by these delays and the escalating costs associated with implementing this significant component of the IRS’s modernization efforts,” said J. Russell George of TIGTA. “The IRS needs to be aggressive in its efforts to resolve these problems.”
April 11, 2014: Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs; By Gregg Keizer, COMPUTERWORLD
The U.S. Internal Revenue Service (IRS) acknowledged last week that it missed the April 8 cut-off for Windows XP support and will be paying Microsoft for an extra year of security patches.
But the tax agency disputed an earlier estimate by Computerworld that put the cost of those patches in the millions, saying that it was paying Microsoft “less than $500,000” for the after-retirement support.
Microsoft terminated Windows XP support on Tuesday when it shipped the final public patches for the nearly-13-year-old operating system. Without patches for vulnerabilities discovered in the future, XP systems will be at risk from cyber criminals who hijack the machines and plant malware on them.
During an IRS budget hearing on April 7 before the House Financial Services and General Government subcommittee, the chairman, Rep. Ander Crenshaw (R-Fla.) wondered why the agency had not wrapped up its Windows XP-to-Windows 7 move.
“Now we find out that you’ve been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014,” Crenshaw said at the hearing. “I know you probably wish you’d already done that.”
According to the IRS, it has approximately 110,000 Windows-powered desktops and notebooks. Of those, 52,000, or about 47%, have been upgraded to Windows 7. The remainder continue to run the now retired XP.
September 8, 2014: IRS finds more key hard-drive crashes, claims no evidence of tampering By Josh Hicks, Washington Post
In a report to four congressional committees on Friday, the IRS said hard-drive crashes are to blame for the lost communications and that the computer malfunctions “appear to be the same sorts of issues routinely experienced within the IRS, in other government agencies and in the private sector.”
The report also noted that the crashes occurred before the start of investigations into how the agency identified nonprofit advocacy groups for extra scrutiny. The IRS’s inspector general released an audit last year that said the agency inappropriately targeted certain organizations based on their names and policy positions.
IRS chief John Koskinen testified at a hearing in June that the agency lost many of Lerner’s e-mail records after her hard-drive crashed in 2011. He said the agency tried unsuccessfully to recover the data and then sent the broken device away for destruction.
The IRS said in its report on Friday that the agency now knows of five more employees who are missing e-mails because of hard-drive crashes. The staff members include: Judy Kindell, who was Lerner’s former senior adviser; IRS tax-law specialist Justin Lowe, who worked with Kindell; IRS manager Ron Shoemaker, who helped oversee the cases in question; and two Cincinnati-based IRS employees who had worked on some of the cases.
The agency said all of the employees contacted IT staff and attempted to recover their data after their computers malfunctioned.
The IRS failed to implement dozens of security upgrades to its computer systems, some of which could have made it more difficult for hackers to use an IRS website to steal tax information from 104,000 taxpayers, a government investigator told Congress on Tuesday.
The agency’s inspector general couldn’t say whether the upgrades would have prevented the breach. But, he added, “I can say it would have been much more difficult had they implemented all of the recommendations that we made.”
Each year, the Treasury inspector general for tax administration audits the IRS’s security systems and recommends improvements. As of March, 44 of those upgrades had not been completed, said the inspector general, J. Russell George.
Ten of the recommendations were made more than three years ago.
In addition, the Government Accountability Office issued a report in March that identified more than 50 weaknesses in the IRS’s computer security that had not been resolved. Until those weaknesses are fixed, “financial and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification or disclosure,” the GAO said.
February 12, 2016: IRS outage caused by back-to-back failures, not cyberattack By Kevin McCoy, USA Today
An electrical voltage regulator on the computer server that handles tax returns for millions of Americans started to fail on Feb. 3, Terence Milholland, the IRS’ chief technology officer, testified at a Thursday hearing of the House Committee on Oversight and Government Reform.
As a technician worked to address the problem, a backup voltage regulator also failed, he said. Approximately 30 hours elapsed before the IRS was able to fix the regulators, which Milholland said come under “high-stress conditions” when the computer is operating, and resume normal service.
Seeking to allay any fears that something more sinister might have been to blame, Milholland said, “This was, with absolute certainty, not a cyberattack. It was a failure of mechanical devices.”
The episode marked the latest in a series of computer problems that have embarrassed the IRS, and, in some cases, raised the risk that taxpayers’ personal information could be accessed, used to steal taxpayers’ identities, file fraudulent tax returns and collect refunds.
The tax agency this week disclosed that it detected unauthorized efforts to gain access to e-file personal identification numbers for more than 450,000 Social Security numbers in late January. Approximately 101,000 of those efforts succeeded in accessing an e-file ID number, the IRS said.
No personal taxpayer information on the computer system was compromised, and hackers generally would need data beyond just a PIN number to file a phony return, the tax agency said. IRS personnel are now mailing affected taxpayers alerts about the problem.
In the agency’s most serious computer-related failure in recent memory, cyberthieves accessed as many as 334,000 taxpayer accounts. The hackers got into the computer system by using an IRS application called Get Transcript, which allows users to retrieve their tax account transactions, tax return information or wages and income reported to the IRS.
April 19, 2018: IRS’ 60-Year-Old IT System Failed on Tax Day Due to New Hardware By Aaron Boyd and Frank R. Konkel, Nextgov
The Internal Revenue Service attributed the agency’s Tax Day crash to a piece of hardware supporting an IT system that is almost 60 years old.
Called the Individual Master File, components of the system—including 20 million lines of computer code—date back to 1960, when John F. Kennedy was president.
IRS told Nextgov 18-month-old hardware supporting the Individual Master File experienced a caching issue causing the system to fail. The failure disrupted almost all other services and systems IRS provides because those systems ingest data from the Individual Master File. When those systems—such as Direct Pay and the structured payments portal—called to the Individual Master File mainframe and got no response, they too failed.
Despite repeated warnings from the Government Accountability Office and Congress, IRS’ plans to modernize the system are at least six years behind schedule and several hundred million dollars over budget.
“This was our biggest fear about one of these mission-critical systems crashing,” Dave Powner, GAO’s director of IT management issues, told Nextgov Thursday. “Fortunately, it wasn’t down for a long period of time, so in that way, we dodged a bullet.”
Still, the crash forced the IRS to extend the tax filing deadline one day, delaying some 14 million submissions. It could be several years before the Individual Master File is fully modernized and rid of 1960s-era technology.
February 9, 2021: IRS Computer Glitch Causes 10s Of Thousands To Mistakenly Be Told They Won’t Receive Stimulus Check By Brian New, CBS
The IRS mistakenly told tens of thousands of Americans they won’t be getting a stimulus check.
Notices to 109,000 taxpayers were sent out that said, “We applied a credit to your 2007 tax account due to new legislation. We used all or part of your economic stimulus payment to pay your federal tax as the law allows… As a result, you don’t owe us any money, nor are you due a refund.”
However, none of this is true.
An apparent IRS computer glitch resulted in the wrong message being sent out to thousands of taxpayers who are awaiting their $600 stimulus payment.
Texas A&M Law School tax expert Bob Probasco said it appears a computer code from 14 years ago, the last time the federal government issued direct stimulus payments, got mixed up in the current program.
The notice that taxpayers were supposed to get was to inform them they haven’t received their stimulus payment because their 2019 tax return had not been processed.
Instead, the IRS’ computer system sent them a “CP21C” notice with a very different message.
“Everything is done by computers and the IRS’ systems would have possibly been state-of-the-art 50 years ago, but they are hopelessly antiquated today,” Probasco said. “This creates problems every time you have to make changes, especially on short notice like with the stimulus payments.”
October 21, 2021: A 60-year-old IRS IT system won’t finish modernizing until 2030 By Natalie Alms, FCW
The IRS completed most of its planned IT modernization activities for the last two fiscal years on schedule and within cost, but one of its efforts, intended as a replacement for a 60-year-old system, is now on track to replace core functions only—and it may not be complete until 2030.
That’s according to a Government Accountability Office report, which reviewed five IRS IT investments and found that they met most performance goals for FY 2019 and 2020.
The 60-year-old system slated for replacement is called the Individual Master File. It’s the key source for individual tax data, and a modernized system would provide the infrastructure needed for real time digital taxpayer interactions, rapid access to data and agile response to legislative changes, according to the GAO report.
The program intended to modernize it, called Customer Account Data Engine 2, has seen many delays and cost changes since the IRS first started developing it in 2009, according to the GAO. A key milestone for replacing selected functions, for example, has been pushed back by nine years, from 2014 to 2023.
The CADE 2 program actually had lower reported costs than anticipated for 2020 and met most performance goals for the last two years, but GAO called its long term performance and outlook “troubling.”
The modernized system isn’t scheduled to be finished until 2030. Development costs are now about four times higher than originally planned, and CADE 2 is also now expected to replace only core components of the old program, as opposed to the entire system.
The IRS is about to get billions more to upgrade their technology, but why should taxpayers have any confidence anything will cahnge after 40 years of mismanagement and failure?