239085459_787fb8d62c_z (4)

Earlier this week, the IRS acknowledged the data breach that exposed the personal information of over 100,000 taxpayers was worse than first thought. The agency now says that the tax data of about 330,000 taxpayers was stolen during the hack. As ATR has previously pointed out, the IRS was repeatedly warned by watchdog groups to better protect taxpayer information. This latest revelation proves they did not heed these warnings until it was far too late.

Back in May, the IRS disclosed that hackers exploited a loophole in the “Get Transcript” application to obtain information on the tax returns of individuals. The hackers then used this information to file fraudulent tax returns. At the time, the agency said that the hackers succeeded in stealing as much as $39 million but these latest revelations surely increase that figure. The IRS is now taking several measures to protect data including sending letters to taxpayers warning of potential identity theft and offering credit protection.

Following the hack, Treasury Inspector General for Tax Administration (TIGTA) Chief J. Russell George revealed that the IRS failed to implement 44 recommendations that would improve the IRS’s ability to protect taxpayer information from hackers. Of these 44, ten recommendations were over three years old.

Since 2007, the IRS has been warned at least seven times by watchdog groups that it needed to strengthen its protections of taxpayer information. Most recently:

  • In a 2014 report, TIGTA warned that if stronger protections are not implemented, “taxpayers could be exposed to the loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.”  
  • 2013 report found that the IRS had failed to fully implement eight recommendations that would increase security over taxpayer data despite telling TIGTA they had been implemented.
  • A 2011 report found that taxpayer data was vulnerable to hackers and stronger security measures were needed
  • In 2010, TIGTA found that the agency had inadequate safeguards to protect taxpayer information from contract workers.


Clearly, the IRS knew that theft of taxpayer information was a serious threat. But instead of adopting dozens of recommendations from the Inspector General, the agency chose to sit on its hands and hope nothing went wrong. Now, thanks to the ineptness of the IRS, the personal information of hundreds of thousands of taxpayers has been stolen and these individuals are at risk of identity theft. 

See Also: