June 02,2015

Wyden Statement at Finance Committee Hearing on IRS Stolen Tax Returns

WASHINGTON – Senate Finance Committee Ranking Member Ron Wyden (D-Ore.) today called attention to the sophisticated threat of cybercrimes facing federal agencies at a hearing to discuss the recent data theft at the Internal Revenue Service (IRS).

“This is a wake-up call to the increasingly sophisticated nature of cyber threats facing our federal agencies and identity theft risks facing all Americans,” said Wyden. “To protect taxpayers from this onslaught of cybercrime, the IRS needs a 21st century IT system and expertise from IT leaders who best understand how to serve millions of users while balancing evolving security needs.”

The full prepared remarks can be found below:

Three months ago, the Finance Committee met in a hearing on the latest ID theft and other scams plaguing taxpayers, and I said that wave of attacks sure looks to me like organized crime. Today, we meet after 104,000 tax returns have been hoovered up by what appears to be a sophisticated organized crime syndicate.

This problem continues to spiral, with hackers targeting federal agencies, state governments including Oregon’s, and private companies alike to steal money and data. One recent report from the Department of Homeland Security said federal agencies’ computer systems come under attack hundreds of times a day, tens of thousands of times a year.

The investigation of the stolen tax returns is ongoing as of this morning. But once again, it seems the thieves are one step ahead of the authorities. They gained access to enormous amounts of personal data, which is up for purchase at extraordinary cost in the Internet’s shadowy corners. These rip-off artists used that data to slip past the security filters at the IRS and steal taxpayers’ most sensitive financial information.

So in my view, it’s fair to say that once again, this conduct fits the definition of organized crime.

The thieves who steal taxpayer information could wipe out people’s life savings and leave them in financial ruin. They could falsify tax returns next year or further down the road. They could take out huge, fraudulent home or student loans. And on a bigger scale, the money stolen in this cybercrime wave could be funneled into more criminal activity. It could wind up in war zones. There’s a possibility that it could fund acts of terrorism without being traced.

Just like when the White House and the Department of Defense were targeted in the past, this was an attack on Americans’ security. I will be very direct about what’s needed here. To protect taxpayers from this onslaught of cybercrime, the IRS needs a 21st-century IT system. 

This is not just a question of resources, and certainly it is not a lack of commitment from the IRS staff. It’s also a question of expertise. The era of punch cards and paper forms ended long ago. Federal agencies like the IRS need to tap into the expertise of our leading web firms – the pros who serve not millions or tens of millions, but hundreds of millions of users.

That expertise will allow the IRS to avoid the pitfalls of the past and to implement a 21st-century IT system that protects taxpayers’ privacy, catches hackers and cheats, and funds the government as efficiently as possible. When that system is in place, Congress must step up and appropriate the funds necessary to manage it effectively.

Legislators would not call for the D.O.D. or White House security budgets to be slashed after cyber-attacks, but the IRS’ security funding has been shrinking for years. No company would try to defend against modern cyber criminals with technology that’s 20 or 30 years old, but that’s what the IRS is stuck using in the absence of the expertise and resources to serve that American taxpayer.

Congress could also make sure the IRS has the information it needs to mount the strongest possible fight against fraudsters. If the IRS had access to the data on W-2 and 1099 forms from the very beginning of tax season, it would be much easier to catch fraudulent returns early and save taxpayers the nightmare of a stolen refund. Senator Hatch and I developed a bipartisan proposal to add an extra level of security by expanding the program that distributes unique passwords for individual taxpayers to use when they file.

And when taxpayers do become victims of fraud, they should get more help undoing the damage quickly and restoring their credit.

It should be clear to everybody that beefing up cybersecurity at the IRS must be a top priority and draw on the tech expertise that exists in Oregon and in states across the country. So it’s my hope that our hearing today will set aside politics and focus on fresh ideas of how to best protect taxpayers.