Comstock calls for IRS commissioner's resignation due to data breaches

In the wake of a Government Accountability Office study which found IRS data-security measures left sensitive taxpayer information "unnecessarily vulnerable" to hackers, Rep. Barbara Comstock (VA-10) called for the resignation of the agency's director.

In a statement, Comstock said IRS Commissioner John Koskinen "has provided little confidence that cybersecurity is a top priority at the IRS. 

“Over 700,000 Americans have had their vital tax information potentially stolen by hackers because the IRS could not protect their information."

In testimony before Comstock's House subcommittee on Research and Technology on Friday, Koskinen said, "I don't think there's any financial institution of any size in the world that can give you a 100-percent guarantee" that customer data is safe from hackers.

"I can tell you, knocking on wood," Koskinen added, "thus far our basic database, notwithstanding the over one million attacks a day, continues to remain secure."

Koskinen also noted that the agency's head of cybersecurity "left a few weeks ago," and that the agency's chief technology officer will also be leaving owing to what Koskinen said was the loss of authorization to pay their salaries.

"Congress needs to give us the reauthorization to hire the highest-skilled, capable IT security experts we can," Koskinen said. "We struggle otherwise" to keep those positions filled, he added

According to the GAO report, the IRS has "made progress in implementing information-security controls," but the agency still lags in "protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data."

Hackers exploited a security weakness in the IRS's "Get Transcript" application, which allowed taxpayers to access their tax history online.

Once the data breaches were discovered, the IRS removed "Get Transcript" from its website.

In written testimony before Comstock's committee, Treasury Department inspector general for tax administration J. Russell George noted the number of records hacked was "significantly greater" than the headline estimate, as "the tax accounts accessed include certain information on other individuals listed on a tax return (e.g., spouses and dependents)."

In February, the IRS began mailing notices to affected individuals, and flagged their tax accounts for identity theft.

Comstock, who received one of those letters from the IRS, said, “Former OPM Director Katherine Archuleta and executives of companies that have been hacked ultimately resigned with similar breaches. Commissioner Koskinen should follow these examples and to allow for new and trusted leadership at the IRS."