with those mitigating intrusions' but in this particular instance so well lead to this particular incident. so was still provided stable protection. when our national security professionals are committed to is to make sure we are capitalizing on every innovation out there and spread it as wisely as possible with the best possible protection into excel a rate that timeline for einstein three.

>> but in the morning what are the president's thoughts with the eulogy to be a somber thank? >> i have not had the opportunity to talk to the president specifically but as said general matter over the last seven or eight years the obama family has grown close to the blighted family and the president did have a personal relationship with beau biden and the statement that we issued shortly after his passing he felt a very personal way of his loss. in hand while his family is

sad and i beau biden dash he is looking forward to celebrating his life. he was a remarkable individual to talking a personal way of his knowledge of character about the way they fell about his country. to make for a pretty powerful morning tomorrow morning. >> celebrations are an india as it makes from india. and also the west.

little have any recent presidential conversations to share with you but so to further intensify the relations between my two countries. senator -- her secretary carter was an india that reflects the depth of the relationship so many that are related to how we can expand economic opportunity. there is a way to deepen the cooperation that he was in in india earlier this week. >> key has a new ambassador

that of course, both of them said make the relations in my question is is it any messages? >> no. i am not aware of the specific messages but the fact of secretary carter's trip is a clear indication of national security priority the president has but - - placed from the united states and india. >> before those two countries the ambassadors play a big role in the relations between the two countries. >> that job was taken shortly before the president

backing n.j. period we are pleased by the working in short period of time to strengthen relations to be a very effective advocate and afterwards the family will return to washington d.c.

and then the president of travel to munich terminate. in to participate arms are a on the sun bear already have my days confused. sunday morning the president will arrive in injury to participate in the event to be with him deliver a call to cathy opportunity to meet with residents to make about the german alliance said they will have the bilateral meeting to review global issues and then the president will participate in the arrival ceremony than the g-7 meeting on the global economy followed by trade. following bill's working sessions will join by a family photo and then followed by g7 leaders on

never read it -- while foreign and security issues. on monday on energy and climate with the of reached last on terrorism for perot and day iraqi prime minister plans to be in the session and then the president will be in a family photo and attend a working lunch and then hold a news conference in germany before richard gephardt to washington d.c. and will arrive at an:00 p.m. monday evening a world win trip. the catholic hospital association conference and will discuss what health care reform has meant to millions of americans with affordable coverage joshes but in terms of there rights and protections for all consumers with the quality of care and the impact on the economy as a whole with president is scheduled to

deliver on wednesday afternoon. i can tell you the president does not plan to travel outside of the washington area. are on thursday that he is ready with readings on staff and also working on the eulogy tamara. >> will he say his weekly address question mark not at this point but we will try to get

[inaudible conversations]

[inaudible conversations]

[inaudible] '' committed in will come to order with he and peres says the target of unauthorized service prejudged to 100,000 in taxpayer accounts. printer stand over 100,000 were successful with cyberperils from the agencies to get a transcript and in dealing with their breeches said the committee stands alone with the internal revenue code of the irs and wide-ranging abilities to conduct investigations with individual taxpayer information while it raised questions in the past that

it prioritizes is spending today's hearing is about how criminals stole vast amounts of taxpayer information and those regarding the funding levels until we have the complete understanding what had occurred. before we return to the technological issues focus on the victim's. because of this breach criminals to get personal information about roughly 104,000 taxpayers including social security numbers numbers, bank account numbers and other sensitive information. these taxpayers and their families must begin the long and difficult process to repair their reputation with the knowledge that the thieves stole their data will use it to perpetuate further fraud against them.

mr. koskinen has failed us taxpayers it is of the of most importance to find out who was behind the breach and how would occurred and what steps the irs might have taken to prevent it and what was compromised and how this could affect the taxpayer's going forward but to catch those cybercriminals to prevent this from being a successful in the future. we must pledge to work together to make sure this is not happen again. the secure movement of but unfortunately ceramic qc it in the headlines and -- every week to the have the

but the irs is not and never will be except and but to think it could be more quickly targeted. it stores information every taxpayer from individuals to large organizations and from mom and pop businesses to multinational corporations. it matters say great deal to have a central challenge with the taxpayer information is of a the highest importance for fraud and it ended a half-day and the tax fraud costing

taxpayers billions of dollars every year. once a joker's it could take months for a taxpayer to mitigate the damage. with that stolen identity by refund fraud to launch investigations and to request information and documents from the largest tax return preparers were from the data card companies. and to consider policy changes also from the working groups into weighing in on those matters in the near future. i welcome our witnesses today and i asked commissioner mr. koskinen and inspector general george. earlier this chairman first welcome to before the committee i hope to be the beginning of a new chapter of a lot of historic chapter

between the irs in the senate finance committee. i said because the issues are too great to be anything but open and honest and productive but today's topic is a great example of why that is so importuned. cyberthreats will only continue to grow. but to figure out what has really happened and how they could prevent another successful attack in the future. with those investigations with a criminal investigation to be sensitive to these investigations for the witnesses and dennis zine of

those limitations as fully and candidly as possible. from there i will turn to senator widen for his remarks ; forward to working with you and all other colleagues in a bipartisan concern for this committee. >> three months ago the finance committee met in a hearing with the updated -- with the latest scams plinking taxpayers. and i said then that that wave of attacks sure looks to me like organized crime. today after 104,000 tax returns that appears to be a sophisticated organized crime syndicate. if it continues to spiral with hackers targeting

federal agencies including my own and private companies to steal money and a data. one report from the department of common security says the computer systems, under attack hundreds of times a day, and tens of thousands of times per year. the investigation of the stolen tax returns is ongoing as of this morning but once again it seems the thieves are a step ahead of the authority to have access to a enormous amounts of data said that is set for purchase with the internet shadowy corners. the rip-off artist mused that day dash to slip past the security filters so it

is my view it is fair to say once again that this conduct fits the definition of organized crime. the thieves to steal taxpayer information wipeout of the lifesaving this to leave them in financial ruin. they could falsified tax returns further down the road to take out huge fraudulent student loans. and on a bigger scale the of money stolen in the cybercrime wave could be funneled into a war criminal activity. it could you -- be used in war zones or to find acts of terror without being traced. just like the white house department of defense was targeted in the past, it is an attack on the security of americans.

but to protect taxpayers from the onslaught of cyber crime of the 21st century i t system. is in just a question of resources in a survey not a lack of commitment also a question of expertise with the of paper forms long ago. federal agencies need to tap bin with those who served tens of millions of users. this expertise will allow the iris of the pitfalls of the past to be the 21st century i t system to protect taxpayer privacy is

projects that hackers it to fund the of government as efficiently as possible. with the system is in place it can step but to provide the funds necessary to manage that effectively. legislators for that to be / like cyberattacks but it has been shrinking for years. with the modern cybercriminals but that is what the irs is stock with those resources with the taxpayer to mount the strongest possible fight if the irish had access to the data on the 1099 forms it would be much easier to catch fraudulent returns

early to save taxpayers the nightmare of of our early refund. but to add an extra level of security to expand the probe -- the program for taxpayers to use when they file an amended to become a victim of fraud they should get more help but to beef up the cybersecurity because of the technology expertise but it is my hope the hearing was set aside the politics of these issues of fresh ideas how to best protect our taxpayer. i look forward to working with your. >> irs commissioner -- commissioner koskinen

serving as the head of the irs says december 2013 with the private sector experience can confront the many challenges at a irs. i have confidence in commissioner koskinen. thanks for being with us today. in real introduce the second witness as well. inspector general george from the treasury inspector general for that tax administration has been serving since 2004 and has extensive public sector experience including working from the house of representatives on their reform and oversight program for a great deal of respect for you also and for being here today.

and we will start with you commissioner koskinen please keep your remarks within five minutes because maple have questions. >> thank you for the opportunity to appear before you with the unauthorized attempts to provide taxpayer data with the online application. it is a top priority for a day irs as a result of decreased funding over the past few years we continue to devote time and attention to this challenge. at the same time criminals can gather to make protecting taxpayers to be challenging and difficult. in the application data

approximately 200,000 taxpayer accounts. with the sophisticated nature of the attempts made making crucial information already obtained from sources outside the irs. it should be noted these attempts to a gather this information did not attempt to gain information from the main systems that handle tax filings for pro the system remains secure such as where is my refund. but they must go to the multi step authentication and process. they must submit personal information such as data birth, filing status and address. but to contain the confirmation code and the

taxpayer must respond to several questions to elicit information only the taxpayer would no such as the amount of the monthly mortgage or a car payment for brothers never security team noticed unusual activity on that application. we thought it was said denial of service for the attackers tried to disruption of normal function for pro they have question mark the times to get the application. of the 100,000 successful attempts only 13,000 possibly fraudulent returns were filed for which they issued refunds and those ever filed by actual tax payers with froze it -- with identities but to be

protected against fraud in the future to mark the accounts to prevent someone else from filing a tax return in their name and 2016. letters have already gone out to the taxpayers use information was successfully obtained by the third-party. we have credit monitoring and also the opportunity to obtain personal identification number to further safeguard the irs accounts also those that were not accessed those from outside paid the irs and social security numbers and others who want them to take steps to safeguard the data. it is also taking down to make it more secure the

rendering and accessible for the taxpayers. the problem to use stolen information is not new. between 2010 and george p5+1 since then we have made steady progress rate -- against fraudulent refund claims over the past years almost a thousand individuals were convicted in connection with refund fraud. that is you try dignity theft and we have been able to stop more suspicious returns at the door. our filter stopped almost afraid million suspicious returns an increase of over 700,000 from the year before. but for that reason recent leave with the apparel industry's with the

cooperative efforts of the past to leverage up personal private partnership in the expected until shortly. with the budget request to provide for $101 million specifically devoted to identity theft and as noted dickey of legislative request is the proposal of the filing dates generating the your from what is reported to identify fraudulent returns to route identified refined fraud. this concludes my statement now be happy to answer your questions. >> thank you. thank you for the opportunity to discuss the

data breach at the irs. may 26 the irs allows criminals had to use taxpayer specific data from i.r.a. sources to gain unauthorized access to information on 100,000 tax accounts in the office of investigation continues to investigate the incident but according to reports received from the irs and individuals to clear the authentication process with the required knowledge of prior information including social security numbers with the tax filing status as well as personal identity verification questions that only the tax payer would no.

and to face the irs for the fiscal year 2011. we have an audited under way for authenticating taxpayers at the time with the irs services. to increase the availability on the internet with a weakening of controls to authenticate access in personal data. the risk of this tax account will continue to grow as the irs focuses the effort is to deliver the interactive on-line tools. but more avenues also means more opportunities for exploitation by hackers and greater risk with those

areas that the irs could better protect taxpayer data in for example, we found they had not always applied hybris computer security of grades and profound is irresponsible to redress cyberattacks is not monitoring a significant percentage that put said and applications times. it is continuously under attack from under personal gain and in various ways they use to your perpetrate them to require constant monitoring by the irs. that impact tax administration to follow

identity theft and then to protect the i t advisers from the ever changing devolving technology. this is a stark reminder even security controls adequate enough up past can be susceptible to those who have vast amounts of personal data. to be even more vigilant with confidentiality with the taxpayer data and taxpayers could be exposed to the laws of privacy resulting from identity theft. we're committed to the mission to assure the tax of ministrations system to prevent or detect or of waste fraud and abuse of the

irs effort is to effectively protect taxpayer data and investigate any instance attempts to corrupt or interfere with the tax administration. chairman hatch thank you for the opportunity to share my view. >> shakier. let me start with you inspector general george. in your written testimony you said the taxpayer data is the top concern facing the irs as you have stated that despite your concerns the irs has not implemented many recommendations but having strengthens the i t security. but as of march 2015 and has implemented the audit recommendations fit security

summer more than three years all. beyond that had the ed disagreement of the i t security. if the irs had fully implemented the recommendations with the recent attacks with the transcript to be successful. >> at this stage i cannot give your definitive answer as to whether or not it would have been possible. if they implemented all of the recommendations that i made. >> given your testimony those to perpetuate tax fraud but a dear to the theft of personal information from agency 100,000 new entities on the international black market as many as 13,000 new

partial returns have been found that costs the taxpayers $39 million when it comes to return to the theft and tax fraud i don't think we can adopt the pay and chase mentality for coastal and indignities are significant problem for perot bet not that your agency can solve on its own. what it can is that the criminals use this stolen information. news reports indicate the recent irs may have been in russia. with large numbers of refunds were shifted to bulgaria in china. can either of you tell the committee what more could be

done to stop the thieves from home and abroad? do you feel we have the cooperation of the justice department and others to stop these perpetrators? >> as noted increasingly complicated challenge i would just note that there are not 104th and newest:the kennedys that was before but what is available now is for the transcripts that our more detailed to go along with the stolen identities. there are breaches across the private sector and the economy has all data is collected by criminals who have a database that exceed so as the inspector general says it is the increasingly

complicated challenge what worked one year ago may not work today's you continually have to attack that problem we work closely with the inspector general and value their airport -- 7.and we ask them of the fet system going forward but in response we've looked at that in terms of the suggestions made of the improvements to make the all of the reports is security with regard to the basic data base. but those did not deal with that authentication of the web site. the problem with the process it is the good security mechanism used by others as the inspector general says to be overtaken by events. >> with the federal treasury

from abroad to give adequate cooperation from governments? >> and then a criminal investigation though most 2000 people are in jail and is the problem that with increasing number of the attacks are coming from eastern europe and asia to track those people down is much more difficult we don't get a lot of cooperation. >> data hearing last month i pointed out the increased sophistication of those involved of the taxpayer identity after looks like more organized crime. i interesting and to harass and stated that most

taxpayers have to involve as organized crime and also at involves a double to attempt to access taxpayer records. i know that the latest is ongoing but from what i have seen thus far, it sure looks like this attack was undertaken by the organized crime syndicate that already had access to enormous amounts of data of the u.s. taxpayers. would you agree? >> i would. there is the unimaginable amount of data as a result of breaches' across the economy in which it said tickets around the world and the battle is becoming increasingly more difficult for everyone in the private sector and this event is a shot across the brow to

remind people of the nature is the enemy. >> given that you agreed with my description you would describe your challenge to make sure you were in a position so you can stay ahead of these increasingly. >> we reach an understanding to protect so let's talk about the game plan you would have to have. the sophistication of the organized crime syndicates when you close one door their vote for the next. so we will try the people

who have the air and experience but with the upgrading, the irs. >> ben most of the significant points. it is the small number that authorized with this technology is streamlined and it would work 14 years in the have two very senior sophisticated i t people that we cannot higher because we didn't go through the process but the nasa program runs off with a

cybersecurity unit is critical. it is a critical pay authorities so that is for the small number of people who will be a world-class experts and though me to do with technology but security. >> what does this committee made to do to indicate if you want a bipartisan basis? what does this committee need to do to make the grade to work on this together it isn't an issue of a political overtone but faces every company in this country still mccann to do ted w. two's earlier to allow us to be more effective with the identity theft that in fact we could

just the way social security the embers are produced it would help us if they are not fraudulent. there is legislature supporting issues. >> and also we're running the antiquated system that is 50 years old or in some cases they cannot even provide a patch for all the of grades and some don't have them because they no longer support it. we obviously do need to figure out what it takes to make sure the system is able to be protected. >> thank you. it is clear to amy if you have fire chief of the dark ages you cannot stay on top for crime committed to working with you and also mentioning therein is is very good people and the technology sector to run

major tech firms i think could be available. so we're committed to make sure you were understand there is a bipartisan effort >> first of all, thank you for coming and for this conversation and the reason is the personal private tax information of over 100,000 taxpayers is deeply concerned because it is based on the proposition of voluntary compliance of privacy. so i'm asking about a letter asking a number of questions related to radiator breach -- dave darr breech. this would shed light if the irs never considers a security risk prior to is to

gain the skip on-line service my letter asks you pride a response by june 4th and it was sent last week. some examples of what we are concerned about is whether or not you have a risk assessment plan and a mitigation plan so some of the documents i am asking for. to you have any idea where my request stands and can you fully respond to my letter by june the fourth? if not when to expect i could get a response? >> that is a good question. as i said pretreat darr -- letters from the help very seriously. they are a high priority sometimes there's a lot of data but our goal is not to

delay any longer than we can. the amount of information probably not the end of this week but we could likely by next we can there is say but the program that is in the process that will be 40 or 50 and that is interesting to read about those challenges and that this woman in a new application was put up but it is important question, not only to have mitigation plans but to monitor as rigo for word, what is going on?

where are the attacks coming from? mosquitos checking to see weird day are. >> but we have the vote with senator grassley and i will try to get back by then. >> so in that order. >> i think they're heard you say you would fall they respond baby not by june 4th but next week. thank you. >> the it is very important as far as i am concerned today office to vibrate the security measures but

mr. grassley we did take a look at the early program and at that time there were limitations that we believe were implemented and a subsequent version we have not taken of a cat. but the irs failed to notify specific but when it initially began? >> the last filing season their 238 million downloads with the application so it is a huge volume now reno to go back through the logs we have locked every transaction and there were shrouded under the issues volume of request going out.

in the filing season ended i think what happened is the volume dropped but at that time the legitimate request had gone up and the activity became physical to a us sprint are not people expected that but that is from midday when we noticed. but in fact, those unauthorized attempts to access the data as soon as they found that out we notified the hill and i am delighted we could identify 104,000 taxpayers. >> my time is up but i will submit to questions with answers in writing. thank you spirit thank you.

it is great to see you both. we appreciate your service to our country per car want to start off with commissioner koskinen talking about what the irs is doing to reach out those two of whose information may have been put then the data was released and we regret

the separate attack took place in the understand it is a germanic it as to believe victims of the agenda the fraud so even while we tried to get to the bottom of it to identify the worst the information had gone out the goal is to that notice as clear of the by the rehab completed the report to offer credit protection also offering the authenticate themselves for the individual protection to give them even further security as they go forward. we have done everything we can and as quickly as we can because it is important to

have that information. >> the letters are all in the mail. to the one hegira 4,000 not to those where no data was a skilled but they need to be identified that criminals have access to their personal information. >> for their phone numbers people can call to get further assurances? >> as you know, it is and does good as you like it to be so we suggest you post on the web site if they have questions and yuri had some people show up to the taxpayers center and they provided assistance as well. >> i've always said iran iran with other people smarter than me for my success in life. but i want to talk about the issue to streamline critical

and to answer for the record if we were to restore this program in 2015 to fully restore this program what is the cost on the annual basis compared with the cost of this breach as we attempt to aspire you don't have to reanalysis on the top of your head what type of trend on the investment? >> the inspector general it appears the cost of the government is for $500,000 per year because that pay increase deferential is relatively modest. some are paid as -- lower than former's but to save

the 13 million returns good to have hots but the return on investment is significant they had a 90 program -- the program will loss of analytics people. >> can you give me that? for the record. >> to the extent that we could we did find was operated successfully and was justified. >> outside help. you have the other agencies to be of assistance to the irs and department of homeland security?

and is one other agency should be doing. >> i met with the savagery of komen security that provided technical expertise even with the denial of service to rural the inspector general. and what they provide is updated information across the spectrum so there is a good working relationship with agencies under attack to see the patterns and what can we learn from each other ? >> thank you mr. commissioner and inspector general. i found other possibilities for the data breach. when i filed my taxes i had overpaid and it don't have

electronic transfer to a debate because i will not share that with the irs or anybody else alive received it in the paper check. was surprised me there is also a flier from the consumer financial protection bureau that has the power to impose and reporting requirements on personal information. people love worried about the national security administration they should worry about them. they get all of our data all the time that is a possibility for a security breach. ill-fated goes to the i.r.a. rest through the consumer protection financial bureau especially since it is funded through non appropriated funds from the

reserve system's earnings before it ever gets to the general fund and a question for the appropriate use taxpayer dollars to advertise cfpp as a kid by including in the mailing with a tax refund. and as a cfpb is supposed to be a independent air organization of the treasury department should solicit information on their behalf. i appreciate answers in note the need to be more detail about what did they rely on to include that information and what agency paid to print to had the respect all the boundaries and could hackers get data from the consumer financial protection bureau used with the irs with that department

mr. commissioner i will put those in more detail but the best chance to get an answer is right now. >> first i should make a correction is 13,000 returns but previously he said 30 million bereaved often provide information that could be of interest to them but we do not share under the protection of taxpayer data and there is the specific statutory authorization and i would be happy to get you details.

band for their assistance in ways that may be helpful. we're not asking them to provide additional information but we will get you more detailed information. so if you send me a note i would get you the answer back quickly. >> will be asking questions because there is the cost to put something in the envelope. even the unlaces prepares for preying on those uninformed taxpayers i did not see that but that is the possibility where people get that information. to what degree is the irs working through a limit that fraudulent tax payer returned?

>> reminder tax preparers preparers, we monitor them and we are concerned about not only criminal tax prepares but we've requested legislation that allow us to have minimum qualifications if you go into immigrant communities people will advertise the you will get you a big refund whether you are entitled or not. tuesday extend to every have a but then to monitor a fraudulent returns. >> i appreciate you being here paul have to put us into temporary recess. [laughter]

[inaudible conversations] i might as well as give a couple of questions. the senator from kansas? >> thank you for coming in to come up with some answers just the day coming back from washington on an airplane from kansas in that with the irs. i respond to what he thought

was his concern to target those conservative groups to say no no-no. to said rehabed a breach of a cyberattack and one of was that all about? i said we don't know yet but we will have a hearing and we can try to get to the bottom but we do know it is a half her probably from russia or the russian mafia. and he just looked at me. i don't have more to say. this so this rendered him speechless and i think a lot of people are in the same go. is up paradox of the burmese irony. but just prior to the beach -- a breach just weeks ago

how safe the data was contained in that transcript system and that was now with the agency's inspector general said gao reported adding it is unnecessary full verbal to inappropriate and the detective reviews''. and i agree with senator biden with those that perhaps that right now it looks like real the using of

war so ted hughes this latest breach to win the fight. so to have the tools and mindset if it is even capable and i am very concerned to pushout programs that was pushed out some time ago to overtake then need to safeguard taxpayer information. sova tuesday honorable commissioner koskinen, to what extent you partner with the private sector on data security? you needed the additional flexibility to work with outside experts to have access to address the privacy.

>> we have various elements with the great working relationship with institutions to pull together a security summit of the major tax preparers and i said the meeting is a free to tell you what to do but but a partnership to work together how the three of us and how the service can work together and we expect next week for what we will do for the next filing season. but you take of look on a long-term basis what we've made - - what we need to do but private sector coated they needed level playing

field so to come up with our requirements with the sharing of data or that implementation we are the only ones that can acquire that across the board iran and will do that if necessary but it does a wonderful working relationship. >> my time is running out. but i understand the irs has shut down the transcript program. but in looking at this program. >> we do not have a definitive answer at this time in then to do access that did not bassist so to

make the change between the access and security. . .

they are in fact operating globally they are located and headquartered in one country or another but they are not constrained a geographic boundaries. this is coming from several different organizations. in our experience at looking at places around the world as they cooperate their interests and they can pass boundaries very easily. >> perhaps we could have something called a national security agency where we could track this kind of data. something like that. >> sounds like a good idea.

>> i apologize to my colleagues for going over town. >> have you pinpointed any country from which this came? >> we have to be careful with the active investigation mr. chairman, but if you use a router or server in a different country on another side of the world but at this stage, in the report it said it was originally russia.

>> they're not going to name any country or countries? >> at this time we don't have enough information to share. >> let me make sure i'm getting this right. center drive x6 for the last six days the united states senate and 41 members of the united states without personally identifying any information whatsoever. were getting ready to take that authority away from them. we had a hundred thousand

americans that had their identity stolen. they know how much money i make, how much money my wife makes where i go to church if i buy stocks and bonds. it's a lot more personally identifying information in whatever the nsa does and there looking out for our safety. i just had to make that statement. secondly it's ironic that they e-mail me to say my credit card changed and i need to email them. that just came in at 1024 1024 on my blackberry. >> i had mine stolen about three years ago and i want to commend the department for the echo five

or protection. i guess my question is on the ip numbers, district columbia in georgia and one other state gives taxpayers the option to apply for an ip number which is a self identifying number for tax return. is that correct? >> that's correct. >> and now there's 1.5 million of those issued. >> yes they have been issued to those who have been victims of identity theft. were trying theft. were trying to get more people in a pilot program. we've had a really tivoli relatively modest interest in

that. >> were trying to find out what the cost is. >> is that foolproof? >> somewhat. its use for only one thing. it has no other use then to authenticate that the taxpayer gets the ip and is the legitimate taxpayer. if they keep it secure there is no way anyone else will get it and the returns are safe. >> if it is foolproof it seems like you would give every american the ability to apply for one of those. you would give them all the opportunity to get one. >> what were looking at with the pen is if people lose it we have a lot of people, 50 million

people with ip pins and half of them lose it, were going to have a lot of black round noise trying to get them replacement pins. it is ultimately a way to go when we get down to the bottom of it. our analysis over five years it. our analysis over five years is that our authentication is going to be the key. whether it's authenticating you to get a pin or have a way of sharing a way of sharing information with who is the customer. are you who you say you are. why do we have to a syndicate you to make sure you're not someone impersonating you. how do we get even or get ahead of the game to try to make it

work. ultimately will never put them out of business but the goal is to make it so difficult and expensive that it's not worth their while. >> i've been thinking as i listen to i listen to both of your testimony that part of the best way to protect the limit and fraud is to change the way we do our taxation. there's a book called a fair tax that talks about going to a retail sales tax which eliminates the payroll tax in the real estate tax. wouldn't this be a way to protect against identity theft? >> i cannot give you a definitive answer on that one. suffice it one. suffice it to say, the more information and the earlier the irs gets it and the easier way of doing taxes and the various

proposals, such as the ones you mentioned on and we don't know whether or not they would have a direct impact on identity theft. >> if i paid my tax on i paid my tax on a retail basis it would eliminate any of the self identifying information that could be collected which would be a protection against identity theft. the issue globally which still exists with your credit card is are criminals accessing enough personal information to access your bank account, your credit cards, your mortgage information. if we were dealing with a system that collected money through a fair tax or sales tax in that

regard we wouldn't have a system that has individual information. >> i appreciate the work that you are trying to do. >> i might just note that the irony of that is that our employees appreciated was that we spent an hour on a briefing of identity theft. >> thank you mr. chairman. >> can you tell me how many south carolinians have been affected by the breach? >> i cannot tell you that. as i said earlier anybody in south carolina should be getting a letter in the next few days. we should be getting that information in a not a next couple days. it's not segregated by state at this point.

>> we are concerned about the irs. your your agency is the agency that has the power of intimidation. there were many americans violated by this breach and they are passionate and concerned about the activities at the irs and it doesn't simply start with the breach. it started when we had the conversation last time about groups being targeted because of their religious bleats or political doctrine. inflows into the loaner emails and the ability to figure out e-mails and the ability to figure out if you have or if you don't have the e-mail. it continues on down the road when they call during tax season and they're unable to get someone to answer so they have these courtesy hangups. it is consistent as i talked to my constituents that they are

concerned that the breach will only add more fire to people who are absolutely petrified by the irs. now having their information exposed to criminal elements drug cartels is even more concerning. i'd love to hear what it is that you are doing in order to secure the id at the irs. i also have a irs. i also have a question about the 19 recommendations that were made in only eight were implemented. what were doing for years is security is a high priority for us. it's based on information stolen elsewhere and you file a false return and we know that the difficult situation for taxpayers. if that happens to a taxpayer they get prompt response from us they've noticed that we work

closely with these agencies and we value their opinion. we've asked them to look at our system and make sure they are breached. we get being over 1 billion times a a billion times a year. we are not under any illusions that we are not at risk. we spend as much time and effort and resources as we can focused on that. anytime we make a change in a system, anytime we anytime we make a change in an application and look at the security aspects of it as inspector general said we are trying to provide better taxpayer service. we did not answer the phones at anything like the rate we would like to have. we had 23 million transcripts downloaded last year. those were requests that they would've had to make otherwise on the phone or in person. so to the extent that we can provide better service that's a

high priority for us. we service, that's a high priority for us. we take it seriously and taxpayers have to feel that they're going to get treated fairly no matter who they are or who they voted for or what organization they belong to. we implemented all of those recommendations to. we implemented all of those recommendations in that regard. we take their concerns seriously and they are ultimately our customers. we work for taxpayers and not for customers. we work for taxpayers and not for anybody else. >> from a resourcing standpoint it seems like the obama administration has about $5 billion. in the last decade or so over $10 billion has been spent and this doesn't seem like the security we would expect. of the recommendations that were made previously for corrective action, to fears that only eight of those 19 were implemented and

perhaps some were closed before they were fully implemented. >> i will in the amounts amount of time that we have left and i would request to submit right response in writing. we have made a total of 44 recommendations since march of this year. eighteen of those have been security orders and have yet to be recommendations from security orders that have yet to be implemented. ten of those come from orders that were completed during fiscal year 2008 to 2012 so they are very dated. there are some of the examples of the oldest recommendations that were made. >> can you name one? >> the irs should require system administrators and their

benefactors to reveal and validate the tax system. it should only be allowed for people that have need for those information. >> i think it's important to point out the 104000-dollar figure is used a lot. we have to keep in mind those are the records that were access. a lot more people could be affected by that. their information is contained within those reports. i cannot give you a definitive number at this time and i don't think the commissioner can either but it is more than a hundred and 4000 people.

>> mr. chairman think you very much. thank you for your appearance here and your service. >> i want to i want to talk about the issue through the lens of pennsylvania. we had a number of reports and i've heard directly from law enforcement about identity theft not just the broad-based or the significant challenge but specifically because it often involves many different agencies. for example in addition to the irs, the department of justice social security administration and social -- law-enforcement.

i'd ask about interagency and in terrace state coordination. tell me about that in terms of what you've been able to do since you've been commissioner. >> all of this exploded in 2010 and 2012. in it over whelmed law-enforcement and it overwhelms everyone. since then we've established successful partnerships with law enforcement across the country together with the department of justice and attorneys we have a very active criminal investigation division. we don't investigate or bring charges. we have to work with partnership with lon forstmann across the country. that has been very effective. we have put over 2000 people in jail who have been convicted. one of the realities of this is

district attorneys at the county level are among the law-enforcement officials that have to get involved. i'd ask for your commitment to help on a coordinated approach to help solve the problem. >> we can't solve this by yourself. we need as much help as we can. we have a great help from the inspector general as well. >> i want to turn to the question of resources. often we in the congress will point to a problem and that's

part of our job in terms of oversight and making sure taxpayers have their concerns responded to. as we point fingers, we should also be constructive in terms of providing support. sometimes it happens and sometimes it doesn't. on the question of resources you say congress can help by approving the president's budget request witching clued's $101 million specifically devoted to identity theft and refund fraud. plus a hundred and 80,000004 technology infrastructure. so 101 million+ $180 million. 101 million plus $180 million. can you tell us what that money would be used for? >> yes on the one hand in terms of identity theft it would be a way to speed up our process and

respond more specifically to individual taxpayers and their concerns. most importantly it would allow us to upgrade our it infrastructure. we are running antiquated systems which are no longer supported by software companies and i would stress this particular problem was not about resources. my concern is about the overall ongoing problem of criminals around the world and the security of the entire system. that's where the weakness is in our antiquated system comes to bear. we need to continue to improve the overall system. >> i hope if there's any additional, by way of authority or resources when it comes to dealing with the international dimensions of this which i'm sure are challenging, i hope you indicate that to us. >> mr. general i'll get it question to you for the record since were out of time but thank

you for your work. >> mr. chairman thank you. thanks for holding this hearing. i want to think our witnesses for being here also. commissioner and i want to also. commissioner and i want to thank you for the call had yesterday. it was very helpful and hopefully we can move forward and i'll even bring up bring them up for that matter. the i think there issues that are important to my home state. i've heard from state. i've heard from many of my constituents. they have strong concerns over the irs proposed changes. the filing of information returns due to the administrative burden propose, 13000 customers have signed a petition for the repeat porting threshold for bingo and other machines and i to share their concerns.

across the u.s. the gaming industry supports a large number of jobs. with had multiple conversations with your office in regard to these proposed rules. with that said i'd like any other taxpayers that were kept in the dark regard regarding new rules. your comment period was extended and i appreciate i appreciate that since it did take a couple months to get a response from your office. as i mentioned yesterday my comments will be coming in the next week or so. thank you for your help and support and extending the deadlines in order to get those questions in. the chairman talked a little bit

about public trust for the irs. you are familiar with that. the number of weaknesses, the ability to effectively protect confidentiality and taxpayer data unfortunately was not implemented. the inspector general is here and he spoke on the and you alluded to it as well. it is my opinion that tax reform would provide simpler code and better tools to combat tax related identity theft. i told you yesterday on the phone i'm here to help. how can i help you? >> while i appreciate that and i appreciate the chairman's clarity about what we need to

work together on this. it's not this. it's not a political issue as we've said for some time. we need to get information returns earlier that would be a great help to us. we need to have the authority to mask w twos so they are being produced by legitimate companies and not fraudulent companies. we need to work with the tax preparers and software companies as well as the states to provide minimum requirements for data that authenticates taxpayers when they file their return. ultimately as i have noted, our discussion today is not about a response to a funding shortage but the challenge we face more broadly dealing with criminal enterprises around the world. that does depend on making sure we have adequate rending to make sure we can rebuild our systems and bring them into the earlier 21st century rather than the late 19th century.

>> they discussed an option that would allow numbers to be put on the forms. what you think of that? >> forms. what you think of that? >> we have talked about just putting the last four digits on the w-2 form. what's more importantly as may be putting hashtags on those forms. a number of companies can provide the paper. we may need to be able to have those who produce w-2s to make sure the identifier is legitimate. >> you think that would be happy

helpful? >> i do. >> let me ask you an unrelated question while you're here. it's an important subject. they were investigating a hard drive crash. they gave the committee the last of the e-mail. as i understand it the next step as i understand it the next step is for you to provide us with a report on your investigation. now that all the recovery work is done can we get a commitment from you a commitment from you to submit a report on the hard drive crash by mid-june? >> i can commit to having it to you by the end of the month. i spoke with my chief investigator prior to the hearing and as of now we have conducted over 100 100 almost

150 interviews related to the loss of e-mails. as you can imagine with each interview that leads to more information that needs to be tracked down. given the nature of this matter we need to be as thorough as possible and we are endeavoring to do just that. i can say there is still some very important interviews to come. we will do our best to try to accommodate that request but i i cannot assure you we will have it by the end of the month. >> okay, we will live with that. we'd like to get our final report if we can. i just want it on the record to say i'd be delighted to get everybody's final reports. >> i'm not sure that was helpful. >> senator robert's had a question robert had a question or two and then i'd like to start the second round. >> nina olson leads the taxpayer

office and in her annual report she noted that victims must often navigate irs operations and recount their experience time and time again to employees even when cases remain in the system. on average the agency took nearly six months to resolve cases. she had of the cases were often closed prematurely before all of the issues had been fully addressed. she recommended a single officer be assigned to handle each case. she spoke to a broader issue which i think sums up what were after, grinning taxpayers in enhanced access to their tax information which was the goal that even congress agreed to when we pass this bill. the overriding priority must be to protect confidential

information. is that a fair statement? >> the inspector general said it's a balancing act. we have 23 million successful downloads of the transcript. if those people had to call us or show up in person it would have been a problem. on the other hand we need to make sure we are secure as possible. what's happening across the economy's customers and taxpayers now understand that it may be harder to get access to their account. not harder that it takes you two weeks, but there may be more hurdles you have to go through. you may have to have more information available to get information. i think taxpayers and customers are willing to accept the higher level of birth burden. it should be noted that over 20%

of people who try to get their transcript downloaded can't answer their own personal questions. this also reminds us that no matter how important it is to be providing excellent service we service, we have to focus as much as we can on the security of the data and that is a important issue for us. >> the irs asks taxpayers not to contact the agencies because it will already slow down the overburdened agency. it's like hurry up and wait. they won't have to wait long. the letters were already sent out to the 104,000 people. >> what does the letter say? >> tells them how to login and

go to our website if they have questions where we've posted frequently asked questions about the situation and what can be done. we advise them in that letter that we have marked their account so that no one else can file a return with that information. >> i appreciate that. thank you mr. chairman. >> let me just ask i apologize i should've called on you first. >> i've already had one bite of the apple while you were out of the room so i'll wait my turn. >> in 2012 they did an audit of the security response center. that is what's used for preventing and detecting computer threats. in that 2012 audit they found that the irs is not monitoring

34% of its servers and you noted that without appropriate monitoring this system may not timely detect cyber since it security incidents. to have a plan to reassess this system and is this what led to the breach? >> yes we will also be monitoring that. >> the irs is planning to expand the online services it offers in the coming years. one example is the secure messaging pilot program that is going to launch in 2016. that will allow the irs to e-mail tax payers about

sensitive information. that is something they information. that is something they have not done in the past. in light of the recent data breach do you have concern about the security of online services they plan to introduce? what are they going to do? >> we have sent a message that says we will never reach out to you by e-mail or the like and so they will have to engage in a public service to inform taxpayers about these new ways of approaching the system of tax administration. alternately it is a worthwhile goal to be able to contact

people by way of e-mail and alternate ways versus paper contact which is much more expensive. and when you have individuals -- so it's a way for the irs to more efficiently medicate with taxpayers regarding their tax obligations. that's a good thing but that takes a lot of looking at the overall proposal how it's implemented and the impact that it has on taxpayers. >> thank you we appreciate the service that you render. is a tough job for both of you. do you have any questions? >> i just have a couple of quick a couple of quick questions. i probably won't take all my five minutes but their issues i think are important. the last question i asked was

how can we help? i want you to explain to me why critical authority should be renewed? >> we can find someone like the head of our information technology system and we can recruit them and if we find the right person we can hire them and they can start immediately. the government process requires us to go through a process that takes three or four months. most the time when you're recruiting, people can't wait three or four months. we've had two people we tried to hire in the it department but they did not want to participate in a three to five month process and therefore they turned us down. >> what's been the impact between then and today?

>> we had 29 people on critical authorities and we never used more than 34 of 34 of them. we are down now to 15 or 16. we have lost our senior international expert we've lost at deputy cio we lost three people in big data analysis including our expert on data and authentication. authentication. their term ran out and we have not been able to replace them. >> you know your budget a lot better than i do, but i do, but in 2014 you spent $2.4 billion or 21% of your budget on information technology. with that budget being that substantial, do you have the experts that you need in cyber security? >> at this point we have the experts. at this point the head of

security is on the critical team. much of that money goes to just maintaining our system. we had a take 300 million out of other at it programs. do you feel you have qualified teams? >> yes we have a dedicated and qualified workforce. even with all the education and abuse they take, they are dedicated to the mission which is helping taxpayers. >> my understanding is that he has a couple questions but

personally i like to thank both of you for being here. i appreciate the testimony you have given here today. you have tough job there's no question about it. i don't know anybody who approaches it with a smile like you do. i think there's something wrong with you that you are not upset every day. on the other hand i know you aren't and we are very appreciative of the hard work you do. it's important that we have both of you working in the best interest of our country and our taxpayers. i've taxpayers. i've appreciated you over the time that i've known you and the time that you've been on the committee. with that let's turn to another question.

>> ms. state treasurer and an old governor. i've been thinking about the tax on the irs. has anyone given any thought on how to prepare information and defend treasuries? >> were sharing information and trying to provide them with as much assistance as we can about what we know. as to say this is no longer the problem of any organization, this is a systemic problem across the entire economy. there's a website that someone sent me that had an indication that the 25 cyber attacks in may

and we were just one of those 25. we take it seriously and we need to deal with it aggressively but we need to understand it's in the context of a significant significant and systemic set of attacks. >> i heard you describing the information in the letters going out. we will elaborate on that. >> an individual protection pin is a separate six digit number that's given to taxpayers if they are a victim of fraud. there is there's a point where they will file the ip pin. if it is not filed, the return would not be accepted.

it won't allow someone to file a return with their social security number. >> does the taxpayer need convenient means to getting old returns? >> that's the conundrum you face. we can't put it back up unless we are satisfied the security is appropriate. it does mean it's going to be more difficult for taxpayers and some of them can't get through the existing security. we are looking at the lessons learned from this event and are delving into it to find out what happened and what could be done with the security issues to make

it more difficult or impossible to happen again. it's a continued trade-off to try to pit provide as much information to taxpayers as we can but keeping it safe at the same time. there's a multi- year up effort to upgrade the computer system. >> your point is well taken, we are working on upgrading the system for some time and we won't be able to do it in one year. we are working on a lot of things to give them a longer term view of what it will take to upgrade the systems and provide secure increased availability to taxpayers.

>> we talked a moment ago about a partner ship with the states and we can learn a few things from them to prevent against these attacks. are there any other countries we are working with that respond to these challenges that we may be able to gleam some helpful ideas from? >> we are in contacts, i belong to a group of tax administrators along the world around the world and we have more of these challenges than others but security is on all of their mind. those with value-added tax are less concerned with individual taxpayer information as we discussed earlier today. in the meetings i've had with them we seem to be having more challenges as an economy as well

is a tax administration system. >> last question a year or so ago there was a firm that specializes in protection. some of them drove down and said these are the folks in these or where they're located in these are the attacks being launched against our country. the chinese didn't accept it very well. i always like to focus on root causes. i keep trying to figure out how

we go to a approach cause this is just spreading. i'd like to say that the third time is a charm after all these breaches, but how do we go about the root cause of getting to thedo about that? >> of course having the world's largest economy it attracts the bad guys. while i'm not familiar with this study that you cited indicating

china is a major part of these problems, a lot of them did emulate former soviet places. it's too many people that have too much time on their hands with the sophistication that relates to computers and networks and servers and it is truly a challenge, not just for the irs this is a federal state, local, federal and national problem. i don't see it ending anytime soon. as soon as we increase our security, the bad guys will security, the bad guys will increase their efforts and they have a lot of time on their hands. >> we've spent a lot of times trying to focus on the symptoms

of problems and we don't always focus on the root causes. one of the things that it is important to focus on symptoms and solutions but we also need to focus on root problems. >> mr. chairman confirms tax related victims florida 334,962, utah 10654. delaware 4703 those are your

constituencies that were victim of identity theft. 1,889,736 if you include the u.s. territories and on confirm residents. were talking about 2.75 million, now mr. chairman we've had six hearings on identity theft and yet we continue to bring in irs. let me take care of this by passing legislation. i follow legislation, you fallow legislation. your legislation has a lot of similarities between our simulation legislation.

we should be able to get something moving. so, put on the record mr. commissioner, what tool would help you on this which i think this, which i think is in the legislation, but you want to get that out there on the record. >> yes, as we said earlier in the session we've got increasing support on the hill for it. we need to get information return earlier. we need to get them in january when employees get them. we need to have them before we send out refund so we have a better chance of matching. we need to be able to use hashtags on those w-2s to make sure the w-2s are accurate. criminals are generating force corporations and generating force false w-2s.

we need to increase the penalties for engaging in identity theft and refund fraud. those are in our budget proposal and in your legislation. i'll leave it with the chairman's but together final package that would put together a set of tools. there is no magic silver bullet that tomorrow morning will put this all to an end. we have to continue to be diligent and do everything we can with our systems and security and monitoring. clearly the items that are contained in the legislative discussions are going to be important.