Skip to navigationSkip to content

Hackers attack the IRS 145 million times a year. Now we know they got in

AP Photo/J. David Ake
They got in.
By Matt Phillips
Published Last updated This article is more than 2 years old.

Identity thieves pilfered tax records filed by some 100,000 households and tried to steal as many as 100,000 more, according to a statement from the US Internal Revenue Service, the national tax collecting agency. The IRS says:

These attempts were quite complex in nature and appear to have started in February and ran through mid-May. In all, about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles.

The IRS has long warned that it is giant target for cyber attacks. In Congressional testimony earlier this year IRS commissioner John Koskinen told interlocutors:

We get attacked 145 million times a year. There’s no database that’s more attractive that our database and yet, we are dealing with less and less support for our IT system than we think is appropriate. So we will deal whatever you give us but I can tell you that we are significantly underfunded at this point already.

Interestingly, one of the IRS’ most-valuable weapons against today’s hackers is the antiquity of its computer systems. One of Commissioner Koskinen’s major talking points in his efforts to drum up cash for technology upgrades at the agency is that the IRS has some applications that have been running since JFK was in the White House. He hammered the same point last month in a discussion at the National Press Club in Washington:

Despite more than a decade of upgrades to the agency’s core business systems, we still have very old technology running alongside our more modern systems. We have many applications running when John F. Kennedy was president. Bout the only good thing you can say about them is that the code they use has been out of date for so long that it has the unintended effect of creating problems for any hackers who might try to figure out how the system actually works. But this ancient technology compromises the stability and reliability of our information systems and leaves us open to more system failures and potential security breaches.

As an example, some IRS applications currently still in use were built using a language known as COBOL, which was first developed by the US Defense Department in 1959.

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.