IRS taxpayer data wasn’t exposed in SolarWinds hack, says TIGTA

The Treasury Inspector General for Tax Administration so far hasn’t uncovered any evidence that sensitive taxpayer data was accessed during cyberintrusions at multiple federal agencies, including the Treasury Department and the Internal Revenue Service, blamed on Russian government hackers.

“At this time, there is no evidence that any taxpayer information was exposed,” Inspector General J. Russell George wrote in a letter last week to House Ways and Means Subcommittee Chairman Bill Pascrell, D-New Jersey, and ranking member Mike Kelly, R-Pennsylvania. “TIGTA will continue working with the IRS in conducting additional forensic reviews and network log analysis as additional information related to this event becomes available.”

George told the lawmakers that on Dec. 13, TIGTA became aware of the alleged cyberattack on the Treasury Department and immediately reached out to the IRS’s Computer Security and Incident Response Center, to determine the impact on IRS operations.

Pascrell and Kelly wrote to TIGTA as well as IRS Commissioner Charles Rettig earlier this month asking about the incident. In the Senate, Finance Committee Chairman Chuck Grassley, R-Iowa, and ranking member Ron Wyden, D-Oregon, also sent a letter to the IRS asking for information earlier this month (see story).

“We are heartened that initial findings suggest that the recent cyber-attack on our government did not compromise taxpayer information lodged with the IRS,” Pascrell and Kelly said in a joint statement. “Americans should have confidence that their personal data is protected and secure. We continue to urge TIGTA, the IRS and the Treasury to be as transparent as possible with the American public on any breaches that they might subsequently find as they continue their investigations.”

Andrew Harrer/Bloomberg

The SolarWinds hack reportedly affected not only the Treasury and the IRS, but also the State Department, the Department of Homeland Security, the Defense Department, the Energy Department, the Commerce Department and the National Nuclear Security Administration. Firms such as Deloitte, Microsoft, Intel and Cisco Systems were also reportedly attacked. The hackers exploited an update of the widely used Orion network management software from Austin, Texas-based SolarWinds to infect the networks of the agencies and companies and gain entry deep inside their networks.

The problem wasn’t detected for months and was only uncovered when a cybersecurity firm called FireEye realized it had been breached and that the hackers had stolen the cyberintrusion tools it uses to probe its customers’ defenses. The sophistication of the attack, which breached the defenses of some of the most secure companies and government agencies in the world, has led the FBI to suspect that it was carried out by the Russian government’s foreign intelligence service, but the Russian foreign ministry has denied any involvement.