‘No evidence’ IRS taxpayer information exposed by SolarWinds hack
There is no evidence taxpayer information the IRS maintains has been exposed in the SolarWinds hack, according to the inspector general for tax administration.
The IRS‘s Computer Security and Incident Response Center continues to conduct forensic reviews and network log analysis in the wake of the cyberattack, but the initial findings appear positive, J. Russell George wrote in a letter to Reps. Bill Pascrell, D-N.J., and Mike Kelly, R-Pa., Wednesday.
Pascrell and Kelly, who lead the Oversight Subcommittee within House Ways and Means, wrote George for an update after the Department of the Treasury learned it was compromised on Dec. 13.
“At this time, there is no evidence that any taxpayer information was exposed,” George responded. “[The Treasury Inspector General for Tax Administration] will continue working with the IRS in conducting additional forensic reviews and network log analysis as additional information related to this event becomes available.
The Cybersecurity and Infrastructure Security Agency required all agencies using SolarWinds‘ Orion software to review their networks for evidence of compromise and disconnect or power down the network monitoring framework.
At least seven agencies were compromised by malware linked to Russian hacking group APT29, or Cozy Bear. The hackers were able to push the malicious code alongside SolarWinds’ software updates to federal agencies, major corporations and other customers of the Texas-based company.
“We respectfully request a briefing by December 22, 2020 and a follow-up report,
if needed, on (1) what the Treasury Inspector General for Tax Administration (TIGTA)
knows about the impact, if any, of the compromise on the Internal Revenue Service (IRS)
at this time and (2) what TIGTA plans to do in the future to oversee IRS actions to
mitigate the harm to its systems and taxpayers, and to protect against future incursions,” the lawmakers wrote in their letter to George.
With at least 32 federal agencies having purchased SolarWinds Orion software since 2006, similar announcements are likely on the horizon from other agencies as to whether they were compromised and even had data exposed.