IRS Data Breach Goes Beyond 'Standard Cyberattack,' Senate Homeland Security Chairman Says

Commissioner John Koskinen said Tuesday during a Senate Homeland Security Committee hearing. The data breach managed to bypass the IRS’ multistep authentication process for using the Get Transcript application, indicating that the “parties” behind the breach received information from “sources outside the IRS,” Koskinen said. The IRS shuttered the Get Transcript application on May 21, he said. The Senate Finance Committee also held a hearing Tuesday on the data breach, during which Koskinen said the breach resulted in the filing of 13,000 fraudulent tax returns that claimed a total of $39 million in refunds. More than one-third of the more than 90,000 other taxpayers whose information became compromised during the breach had filed their returns before the breach, while IRS measures halted the filing of about 23,000 other fraudulent returns. The remaining 33,000 taxpayers affected by the breach weren’t obligated to file returns with the IRS, Koskinen said. The data breach may have focused more on using taxpayers’ information “to file fraudulent tax returns next year,” he said. Senate Homeland Security Chairman Ron Johnson, R-Wis., said he believes the IRS data breach constitutes an incident beyond “your standard cyberattack” and that it raises questions about the cybersecurity of other federal agencies’ networks that will require additional hearings. Senate Homeland Security ranking member Tom Carper, D-Del., said the IRS data breach is a symptom of the larger “epidemic” of recent data breaches that have affected companies like Anthem, Sony Pictures Entertainment and Target. The IRS breach in particular shows that federal agencies “must do more to stay ahead of the curve,” Carper said.