Criminals stole sensitive information affecting roughly 100,000 taxpayers through the agency's "Get Transcript" app. The IRS disclosed the breach on May 26.
IRS spending on cybersecurity is down by 20% since 2011, from $187 million four years ago to $149 million in the current fiscal year. (That's actually less bad than it sounds. Funding plummeted to $129 million in 2012 before rebounding a bit in recent years.) The agency also lost key IT personnel when it was stripped of its ability to pay cybersecurity experts at higher-than-normal levels.
To try and head off future breaches, the IRS has options, according to a former IRS IT manager. Those options include:
At today's hearing, IRS officials are expected to explain the multi-step security processes they now use to double-check taxpayer identities. In addition to personal information about a taxpayer, like Social Security number, date of birth, tax filing status and street address, the agency also poses "out-of-wallet" questions based on information only the taxpayer would know.
With reports by Patrick Thibodeau at Computerworld.