- The IRS came under fire for lax cybersecurity protections during a Senate Finance Committee hearing Tuesday.
- Last August, the IRS revealed that hackers had been able to the steal sensitive data of more than 300,000 taxpayers.
- But, Sen. Tom Carper, D-Del., said the agency is failing with cybersecurity because Congress hasn’t provided the necessary funding to improve security and IT initiatives.
During the hearing, Carper scolded his colleagues for cutting IRS funding, leading the agency to not adequately protect taxpayers.
"When it comes to protecting American taxpayers' sensitive information online, Congress continues to ask the IRS to do more with less by enacting deep and damaging cuts to the agency’s budget," Carper said.
The IRS has seen its budget cut by 17% since 2010, giving it few affordable options for improving security, according to the Center on Budget and Policy Priorities.
Meanwhile, IRS Commissioner John Koskinen said the agency is facing an unmatched volume of cyber criminals and has to defend more than one million malicious attempts to access data every day.
The agency is working to harden its defenses, said Koskinen. And continued funding shortages will make it impossible for the IRS to keep up with hackers, according to Carper.
Last month, a Government Accountability Office report found the IRS has so far failed to properly secure its systems in six areas, including adding controls to identify and authenticate users, restricting server access and making sure any authentication data is encrypted. The GAO also found that it was easy to guess the passwords used to access key IRS systems.
The watchdog agency also added two recommendations to a long list of unresolved IRS data security issues, bringing the total number to 45. The details of those recommendations are not publicly available.