IRS security failings must be fixed
Thieves stole about $5.8 billion from the Internal Revenue Service in 2013, by taking tax refunds due to people whose personal information they used to make the claims. The haul for this year (the IRS has not released 2014 numbers yet) will be substantial, too – because IRS officials did not react effectively to warnings their computer systems were vulnerable to hackers.
Personal information of about 100,000 taxpayers has been stolen by sophisticated criminals who obtained it from IRS systems, the agency revealed this week.
Computer security experts have warned the IRS is an excellent target for hackers. No doubt the agency took some countermeasures – but they obviously were inadequate.
Now, the question is whether officials can close the hole through which the 100,000 sets of personal information were stolen, and whether they will install safeguards effective in thwarting the next assault. Rest assured, there will be one or, more likely, a multitude of them.
Members of Congress upset about the identity theft are right to insist the tax agency do better in safeguarding personal information, for two reasons:
First, the agency may be the only one-stop shopping location available for identity thieves. Not only can they learn what targets are most lucrative, but they also can steal refunds. Then, they can use personal information to steal more from other sources.
Second, those who believe businesses such as banks and credit card firms are not safeguarding personal information can take their business elsewhere.
But Americans have no choice about giving the IRS tons of information about themselves and their finances.
It is one law the criminal class just loves.