Responding to the recently disclosed Internal Revenue Service (“IRS”) data breach, congressional leaders are demanding answers from the agency regarding its handling of confidential tax information.  Senate Finance Committee Chairman Orrin Hatch (R-UT) and House Ways & Means Committee Chairman Paul Ryan (R-WI), along with Ways & Means Subcommittee on Oversight (“Oversight Subcommittee”) Chairman Peter Roskam (R-IL), each have sent letters to IRS Commissioner John Koskinen seeking information about the data breach.

The Senate Finance and House Ways & Means Committees have legislative and oversight jurisdiction over the IRS.  As such, Chairman Hatch said that it is critical that his Committee “understand what took place, what information was at risk, how this may affect tax administration and what appropriate legislative responses may be needed to reduce the risk of this occurring again.” 

In a May 27 letter to Commissioner Koskinen, Chairman Hatch requests that by no later than June 5 the agency provide a confidential briefing to committee staff detailing the events surrounding the data breach.  Chairman Hatch said that the briefing should include information on when and how the agency learned of the breach, what information the attackers gained access to and whether there is any indication of the geographic source of the attack.  The House Ways & Means Committee letter, sent on May 29, seeks answers regarding whether the attack was facilitated by known system weaknesses and what steps the IRS is taking to prevent any further breach.  The Ways & Means Committee members request a response to their letter by June 11 along with a briefing for Oversight Subcommittee staff by June 12.    

The IRS data breach compromised the data of more than 100,000 U.S. taxpayers.  The IRS has confirmed that cyber-crooks used stolen Social Security numbers and other data acquired from elsewhere to gain access to past tax returns through the IRS’s “Get Transcript” online application, which were then used to file fraudulent returns.  Commissioner Koskinen said the IRS is confident that it was the work of organized crime syndicates.  

Chairman Ryan called the data breach a “profound mission failure.”  Chairman Hatch said “that the IRS – home to highly sensitive information on every single American and every single company doing business here at home – was vulnerable to this attack is simply unacceptable.” He stressed that Congress and the administration need to work together to better protect taxpayer information from cyber threats.

The Senate Finance Committee will hold a hearing on Tuesday, June 2 to examine the IRS data theft.  The witnesses called to testify at the hearing are Commissioner Koskinen and Treasury Inspector General for Tax Administration Russell George.  Chairman Ryan has yet to schedule a hearing in his Committee, but one is likely forthcoming.

Reporter, Lauren M. Donoghue, Washington, DC, +1 202 626 8999, ldonoghue@kslaw.com.