Security Short Take: Blame for IRS data breach laid on cybersecurity cuts

02.06.2015
The IRS breach revealed last week will be Topic No. 1 at a hearing today before the U.S. Senate Finance Committee, and agency officials are expected to place the blame for the data leak on lawmaker-driven cutbacks in funding.

Criminals stole sensitive information affecting roughly 100,000 taxpayers through the agency's "Get Transcript" app. The IRS disclosed the breach on May 26.

IRS spending on cybersecurity is down by 20% since 2011, from $187 million four years ago to $149 million in the current fiscal year. (That's actually less bad than it sounds. Funding plummeted to $129 million in 2012 before rebounding a bit in recent years.) The agency also lost key IT personnel when it was stripped of its ability to pay cybersecurity experts at higher-than-normal levels.

To try and head off future breaches, the IRS has options, according to a former IRS IT manager. Those options include:

At today's hearing, IRS officials are expected to explain the multi-step security processes they now use to double-check taxpayer identities. In addition to personal information about a taxpayer, like Social Security number, date of birth, tax filing status and street address, the agency also poses "out-of-wallet" questions based on information only the taxpayer would know.

With reports by Patrick Thibodeau at Computerworld.

(www.csoonline.com)

CSO Staff