Attention FAE Customers:
Please be aware that NASBA credits are awarded based on whether the events are webcast or in-person, as well as on the number of CPE credits.
Please check the event registration page to see if NASBA credits are being awarded for the programs you select.

House Subcommittee Seeks Answers About IRS Security Breaches

Ruth Singleton
Published Date:
Sep 27, 2018
Cyber Crime

In response to recent breaches of the IRS’s taxpayer verification efforts, including the identity protection PIN, the House Ways and Means Oversight Subcommittee held a hearing yesterday on improving the agency’s authentication technology, according to Accounting Today.

“Sadly, the IRS’s online tools and applications have also become an attractive target for criminals looking to steal taxpayer information and commit identity theft fraud,” said subcommittee chairman Lynn Jenkins (R-Kan.) in her opening statement. “The IRS uses a process known as ‘authentication’ to separate legitimate taxpayers who want to access the IRS’s online services from criminals looking to commit fraud. Unfortunately, given the large amount of personal information on taxpayers available in the public domain, criminals can easily impersonate legitimate taxpayers and pass through the IRS’s authentication process undetected.”

Speaking at the hearing were Gina Garza, the IRS’s chief information officer, and Edward T. Killen, its chief privacy officer. They reported that as result of the Security Summit—a partnership among the IRS, state tax authorities and the tax preparation industry to combat tax-related identity theft—the number of taxpayers reporting that they were victims of identity theft dropped by 65 percent from 2015 to 2017, and the number of tax returns with confirmed identity theft fell by 57 percent, with more than $20 billion in taxpayer refunds being protected.

They did observe, however, that cybercriminals are becoming more sophisticated and are targeting tax professionals. In a written statement, they said, “the IRS and its partners not only continue to improve our safeguards against fraudulent returns, but we also continue to encourage taxpayers, tax professionals and businesses to protect their data and avoid becoming victims of proliferating tax scams.”

Also speaking at the hearing was Michael McKenny, deputy inspector general for audit at the Treasury Inspector General for Tax Administration (TIGTA), who described the results of several of TIGTA’s audits of the IRS. He reported that the IRS has completed or updated electronic authentication risk assessments for 28 of its online applications to determine appropriate levels of authentication assurance, and it has enhanced its network monitoring and audit log analysis capabilities. Yet he observed that, due to issues related to resources, incompatibility and higher priorities, the agency did not fully implement network monitoring tools it purchased to improve the prevention and detection of automated attacks.

"Controls to prevent fraudulent users from improperly creating profiles were not fully implemented," he said. "Further, the IRS is not fulfilling its requirements for monitoring audit logs for suspicious activity. This is due to inadequate processes for generating and reviewing audit log reports as well as failure to ensure that reports are useful for investigating and responding to suspicious activities. The risk of unauthorized access to tax accounts will continue to be significant as the IRS proceeds with expansion of the online tools it makes available to taxpayers.”

Click here to see more of the latest news from the NYSSCPA.