Sen. Young & Finance Committee Republicans press IRS on data security shortcomings

Young

In the wake of continued oversight reports revealing serious data security concerns at the Internal Revenue Service (IRS) and the recent indictment of an IRS consultant for the disclosure of private individuals’ tax information, U.S. Senator Todd Young (R-Ind.) and Senate Finance Committee Republicans called on the IRS for greater accountability, transparency, and a detailed explanation of specific steps it is taking to address security weaknesses at the agency.

From the letter:

Preventing illegal access and disclosure of protected taxpayer data is an essential IRS responsibility, one of its highest priorities and one that is statutorily enshrined in the taxpayer’s bill of rights. Unfortunately, it is also one that has been disregarded for far too long.

The IRS must take responsibility and account for failures in these duties. As part of this, we call upon the IRS to provide a detailed explanation of: the specific steps it has taken since the beginning of this year to address any security weaknesses; a timeline of when each such step was taken; the current status of each recommendation made by TIGTA or GAO related to data and/or IRS system security since January 2020; the next steps and expected timeline for the IRS to address any open recommendations; and all specific actions the IRS has taken or will take to make impacted individuals whole.

For years, the Treasury Inspector General for Tax Administration (TIGTA) and Government Accountability Office (GAO) have pointed to significant, unaddressed flaws in the IRS’s data security systems and practices. Most recently:

  • In an Oct. 11 report on “Major Management Challenges” for the IRS for 2024, TIGTA identifies “Protection of Taxpayer Data and IRS Resources” as one of the IRS’s “top management and performance challenges.”
  • In an Oct. 24 report on “longstanding challenges” at the IRS, the GAO notes the IRS “has struggled with longstanding challenges in … safeguarding sensitive information,” with diverse issues still unresolved.

The full letter is available here.