The IRS has failed repeatedly in its efforts to modernize its IT systems and is instead using outdated technology that is leaving the personal tax data of millions of Americans at risk.

The House Ways and Means Oversight Subcommittee conducted a hearing last week exploring the IRS’s IT practices following the news that the agency awarded a $7.25 million contract to Equifax just a week after that company was responsible for a major data breach compromising confidential data of 145 million American taxpayers.

Alarmingly, neither IRS Chief Information Officer Gina Garza, nor Jeffrey Tribiano, Deputy Commissioner for Operations Support, were aware that the contract with Equifax was signed until the morning of the hearing.

As noted by David Powner, Director of IT Management Issues at the Government Accountability Office, this represents a major breakdown in IRS management as CIO’s are required by law to approve major IT contracts such as the one awarded to Equifax:

“CIOs should approve the IT budget, they should approve major IT contracts, that’s a provision in the law… I can tell you right now that was put in there because of this stuff [referencing the Equifax funding granted by the IRS].”

This breakdown represented just one example of how the IRS’s modernization efforts have failed. When asked by Rep. Tom Rice (R-SC) if anyone on the panel thought that the modernization efforts of the IRS have been acceptable – every witness agreed the IRS is falling far short and failing taxpayers.

Describing the incident as an “abject failure”. Rep Jackie Wolorski (R – IN) called for structural change in the IRS, noting that the organization was in need of “major reform”.

The Equifax data breach should come as no surprise as IRS practices have been investigated by independent watchdogs on a number of occasions.

  • Last year, a TIGTA review found that the IRS’s outdated systems were leaving taxpayer data at risk, noting that “the use of outdated operating systems may expose taxpayer information to unauthorized disclosure, which can lead to identity theft.  Further, network disruptions and security breaches may prevent the IRS from performing vital taxpayer services, such as processing tax returns, issuing refunds, and answering taxpayer inquiries.” 
  • Another review revealed that poorly articulated and badly enforced data retention policies were responsible for the destruction of laptops and critical records, hindering the ability of taxpayers to hold the agency accountable. 
  • Concerns about the IRS’s mishandling of private information have prompted the GOP’s proposed Taxpayer Bill of Rights, designed to protect (amongst other things), the privacy and confidentiality of American taxpayers by holding the agency accountable and affording taxpayers a means of redress.
  • The Oversight Committee found that the IRS has retained outdated 20th-century technology that puts citizen data at risk instead of developing or implementing integrated cloud technology which is the industry standard.

Given the agency’s clear failure to modernize its IT systems, it is clear that reforms are needed to ensure that the IRS is held accountable to everyday Americans and is properly completing its responsibilities.