IRS is in the eye of the tiger, as the agency’s inspector general told Congress yesterday that the IRS failed to implement security upgrades to its computer systems, reported the Associated Press yesterday (June 2). At the end of May, the IRS announced that the data from tax returns for roughly 100,000 households was stolen by cybercriminals who used the IRS’s online services to hack the database.
While it cannot be said for certain if the security upgrades would have prevented the breach, the hackers would have most certainly faced more difficulty. “I can say it would have been much more difficult had they implemented all of the recommendations that we made,” said the inspector general, J. Russell George, according to AP.
George also confirmed that some of the thieves were from Russia, which was in line with announcements made by IRS Commissioner John Koskinen last month. According to Koskinen, the thieves have claimed about 13,000 refunds – totaling about $39 million – using information stolen from the IRS website, but he stressed that, in his opinion, the missing upgrades would not have prevented the cyberattacks.
“These are criminal syndicates that are not bound by geographic limits,” Koskinen said. “They may be operating in one country but they’re operating across country lines, and they’re oftentimes operating in conjunction with each other or selling data back and forth to each other.”
While Koskinen did mention the drastic budgetary cuts the IRS has undergone – more than $1 billion since 2010, to $10.9 billion this year – as a difficult context to keep up with the recommended upgrades, he also said that it’s not just about money. “Not every problem is a budget problem, so I don’t want to wander around town every time we have a challenge saying, ‘Ah, if we had more money, we’d fix it,'” Koskinen said. “This is a technology issue, not a budget (issue), but a question of security, a question of keeping up with criminals in terms of authentication.”
According to the Associated Press, the IRS is paying dearly the costs of a hidden and bi-partisan battle between the IRS and Congress taking its roots in President Barack Obama’s health law. Koskinen said the IRS was refused $600 million over the past two years for computer upgrades related to the health law by Congressional Republicans. So the agency had to tap into its technology expenditures. Meanwhile its funding for cybersecurity was cut by 20 percent since 2011, to $149 million this year. These cuts don’t make sense when you know that data breach costs have been skyrocketing over the years, reaching $3.8 million on average in 2014, a 23 percent increase compared to 2013. ThreatMetrix identified more than 11.4 million fraud attempts during peak 2014 holiday shopping periods.
To check out what else is HOT in the world of payments, click here.