Senate Finance Committee Chairman Orrin Hatch (R-Utah) today sent a letter to Internal Revenue Service (IRS) Commissioner John Koskinen pressing the agency for answers after it was revealed a data breach compromised the confidential tax information of more than 100,000 taxpayers.
In the letter, Hatch asks the IRS to provide a confidential briefing to Committee staff detailing the events that surrounded the data breach by no later than June 5, 2015.
“As the Senate Committee with jurisdiction over the Internal Revenue Code and oversight jurisdiction over your agency, it is critical that this Committee fully understand what took place, what information was at risk, how this may affect tax administration, and what appropriate legislative responses may be needed to reduce the risk of this occurring again,” Hatch said.
The text of the letter is a below and a signed copy can be found here.
May 27, 2015
The Honorable John Koskinen
Internal Revenue Service
1111 Constitution Avenue, NW
Washington, DC 20224
Dear Commissioner Koskinen:
Thank you for your call on Friday, May 22 informing me of the recent data breach at the Internal Revenue Service. According to both your update and recent press accounts, criminals have gained access to the confidential tax information of more than 100,000 taxpayers through the IRS’s Get Transcript application. I understand that the Internal Revenue Service, the Treasury Inspector General for Tax Administration, and other federal entities are investigating the breach and working to determine the extent of the damage. Throughout this investigation, and your investigation into the source of the recent attack, you will have the full support of the Committee and, as Chairman, I look forward to the swift identification and punishment of those who are responsible for these crimes.
In addition to your current work to identify the cyber criminals responsible for this breach, the Committee has an obligation to ensure that proper protections are in place and that such a breach is less likely in the future. Every year, the IRS collects more than 140 million individual tax returns, roughly 6 million corporate tax returns, and millions of sensitive information returns and other filings. It is no exaggeration to say that the confidential taxpayer information your agency holds is of the utmost private nature for every single taxpayer in the United States.
In April of this year, Ranking Member Ron Wyden and I quietly launched an investigation into the methods by which computer and online tax preparation services, as well as major prepaid debit card providers, screen for stolen identity refund fraud (SIRF). We will be writing to you on that matter separately in the coming days, but a key concern of the Committee is the growing threat of SIRF to tax administration. This concern will only be amplified due to the recent IRS breach.
As the Senate Committee with jurisdiction over the Internal Revenue Code and oversight jurisdiction over your agency, it is critical that this Committee fully understand what took place, what information was at risk, how this may affect tax administration, and what appropriate legislative responses may be needed to reduce the risk of this occurring again. To that end, I ask that you provide my Committee staff with a confidential briefing by no later than June 5, 2015. This briefing should cover, but is not limited to, the following questions:
- When did the breach occur?
- When did the agency learn of the breach and how did it become aware?
- What information allowed the attackers to obtain access, and what is the agency’s understanding of how the attackers gained this information?
- Is the agency working to cross-reference the stolen identifies used in this attack with identities compromised in recent breaches of other organizations?
- To what information did the attackers gain access? Does your agency know the extent to which the attacks were successful for each identity?
- Does the agency have information indicating the geographic source of the attack?
- To the best of your knowledge, have the attackers subsequently used the taxpayer information obtained in this breach? Press reports indicate about 15,000 tax refunds were claimed subsequent to this attack – is this correct?
- Describe the agency’s coordination with other federal departments. Has the agency requested assistance or information from other federal departments, and, if so, has it received that assistance or information?
Thank you for your ongoing assistance and updates on this matter.