Grassley wants answers for IRS security breach

IRS SealFrom Press Release


U.S. Sen. Chuck Grassley (R-IA) today asked the IRS to account for computer security weaknesses that allowed the theft of personal financial information for reportedly 104,000 taxpayers.

“It is important to learn what can be done to prevent these breaches of IRS computer systems and protect the private personal information of taxpayers,” Grassley wrote to IRS Commissioner John Koskinen.

Grassley sought details on how the IRS assessed the risk of the online portal used for the information theft before it went online for taxpayer use and when the IRS achieved the capability to authenticate a taxpayer’s identity with the level of security required for an interactive online account.  As of March 2013, the IRS did not have such capability.

Grassley also asked what other interactive services are available on the IRS website and what steps the IRS is taking to protect taxpayers in any other interactive web services, as well as steps to prevent the misuse of information accessed in the current breach.

The latest incident is the subject of a Finance Committee hearing on Tuesday.  Grassley is a senior member and former chairman of the committee.

Grassley wrote to the IRS last month with concerns about weaknesses in computer systems that create opportunities for taxpayer or employee data to be lost, corrupted or stolen.  The IRS has not responded.

The text of Grassley’s letter today is available here.