LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

Was Recent IRS Data Breach Preventable?

A government watchdog says the Internal Revenue Service ignored many of its recommendations to improve computer security. But IRS Commissioner John Koskinen told a Senate panel Tuesday that a data breach reported last month involving the accounts of 104,000 taxpayers is an example of "a perfectly good security mechanism ... being overtaken by events."

At a hearing of the Senate Finance Committee, panel Chairman Orrin Hatch told Koskinen that his agency "has failed" the taxpayers whose returns were stolen in the breach reported last month. Hatch added:

"These taxpayers, and their families, must now begin the long and difficult process of repairing their reputations. And they must do so with the knowledge that the thieves who stole their data will likely try to use it to perpetrate further fraud against them."

The Treasury's inspector general for tax administration, J. Russell George, told the panel that 44 of its recommendations to the IRS "have yet to be implemented." Specifically, he said the IRS had not always applied high-risk computer security upgrades known as patches, and that the agency had failed to monitor many of its servers, "which puts the IRS' networks, data and applications at risk."

Koskinen countered that many of the IG recommendations did not apply to the most recent data breach, which involved a separate IRS website. And in response to a question from Hatch, George conceded he could not give "a definitive answer" as to whether the IRS might have prevented the breach if it had implemented the recommendations. But, George said, "it would have been much more difficult."

George and Koskinen both said the perpetrators were likely from Russia and other nations but, citing the ongoing investigation of the data breach, would not be more specific.

The IRS revealed last month that the back tax returns had been downloaded by hackers who used legitimate taxpayers' names, Social Security numbers and other personal data to access the information through a link on an IRS website called Get Transcript. The link has since been taken down.

The back tax information is useful for people applying for a home mortgage or college loan. But thieves could use the data to better impersonate taxpayers and get past IRS screens to file fraudulent returns and obtain refunds.

Sen. Johnny Isakson, R-Ga., said it was ironic that while the Senate has been busy debating whether the National Security Agency should be allowed to access data on phone calls, the IRS collects much more personal information — including wages, investments and charitable contributions. This data, he said, is "a lot more personally identifying for the average American than whatever the NSA ever does, and they're looking out for our physical safety."

Copyright 2015 NPR. To see more, visit

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute
96.1 FM K241AR Lawrence (KPR2)

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)