IRS goal: Issue most 2019 tax refunds by Dec. 31, 2020
BMW, Honda, Jaguar, Mini, Range Rover & Subaru electric vehicles added to IRS tax credit list

Senate Finance Committee heads demand IRS commissioner provide hacking answers

SFC Ron Wyden Charles Grassley hearing February 2020 screen shot
Senate Finance Committee Ranking Member Ron Wyden, left, and Committee Chairman Charles Grassley at a hearing in February to question Treasury Secretary Steven Mnuchin about the president's fiscal year 2021 budget. (SFC hearing video screen capture)

The two men who head the Senate Finance Committee want answers about whether the Internal Revenue Service was among the agencies hacked by foreign agents and they want them now.

Finance Chairman Chuck Grassley (R-Iowa) and Ranking Member Ron Wyden (D-Oregon) sent a letter today to IRS Commissioner Chuck Rettig seeking, in their words, "an immediate briefing on the IRS' efforts to discover whether its systems were breached, and if they were, whether sensitive taxpayer information was stolen."

That's a question many in the tax community immediately raised (including me in my Dec. 14 post Treasury Department hack raises IRS exposure questions) after word got out that an extensive foreign intelligence operation had obtained access to several federal agencies, including the Treasury Department.

So it's good to see Grassley and Wyden speak for us who are worried about what might have been accessed at the IRS, which is the largest agency under Treasury.

Questions about illicit IRS access: The initial concern obviously is the extent of the hack.

It appears to be extensive, with reports that in addition to Treasury, the Commerce, State and Homeland Security Departments, as well as the National Institutes of Health and parts of the Pentagon were compromised.

The other critical question is just how deep into each of these federal operations were the hackers able to reach?

The hackers apparently used a program created by the Austin, Texas-based software company SolarWinds as the gateway into the government agencies. That's of particular concerns since, note Grassley and Wyden, the IRS appears to have been a SolarWinds client as recently as 2017.

"Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans' privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised," wrote the Senators.

Preventing future breaches: Following discovery of the widespread federal network attack, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive and instructed agencies to immediately power down SolarWinds Orion products and search for signs of further compromise.

Grassley and Wyden want to know what such a search of IRS operations has found so far.

The duo also wants Rettig to discuss what actions the IRS is taking "to mitigate any potential damage, ensure that hackers do not still have access to internal IRS systems, and prevent future hacks of taxpayer data."

Working around Treasury: The Senators apparently wrote to Rettig after, according to a Wall Street Journal story, their private requests for a briefing from Treasury were ignored. So they decided to turn to the IRS chief.

Their letter to Rettig seems to indicate that at this stage of the hacking investigation, Grassley and Wyden want direct assurances from the IRS commissioner about the agency's vulnerabilities and any remediation and/or precautionary efforts it is taking.

However, I would not be surprised if the Senate Finance Committee, as well as its tax-writing counterpart across Capitol Hill, the House Ways and Means Committee, also hold public hearings on IRS cyber security.

You also might find these items of interest:





Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.