IRS outage caused by back-to-back failures, not cyberattack

The computer outage that halted IRS tax return processing for more than a day resulted from not just one hardware failures but two, the tax agency says.

An electrical voltage regulator on the computer server that handles tax returns for millions of Americans started to fail on Feb. 3, Terence Milholland, the IRS' chief technology officer, testified at a Thursday hearing of the House Committee on Oversight and Government Reform.

As a technician worked to address the problem, a backup voltage regulator also failed, he said. Approximately 30 hours elapsed before the IRS was able to fix the regulators, which Milholland said come under "high-stress conditions" when the computer is operating, and resume normal service.

Seeking to allay any fears that something more sinister might have been to blame, Milholland said, "This was, with absolute certainty, not a cyberattack. It was a failure of mechanical devices."

IRS resumes tax return processing after computer outage

The explanation didn't satisfy Rep. Jason Chaffetz, R-Utah, who chairs the oversight panel and had suggested earlier that electronic hackers might have caused the outage.

"How does that happen?" he asked about the back-to-back voltage meter failures. "Why do you have redundant power if that also goes out?"

The episode marked the latest in a series of computer problems that have embarrassed the IRS, and, in some cases, raised the risk that taxpayers' personal information could be accessed, used to steal taxpayers' identities, file fraudulent tax returns and collect refunds.

The tax agency this week disclosed that it detected unauthorized efforts to gain access to e-file personal identification numbers for more than 450,000 Social Security numbers in late January. Approximately 101,000 of those efforts succeeded in accessing an e-file ID number, the IRS said.

No personal  taxpayer information on the computer system was compromised, and hackers generally would need data beyond just a PIN number to file a phony return, the tax agency said. IRS personnel are now mailing affected taxpayers alerts about the problem.

IRS hack far larger than first thought

In the agency's most serious computer-related failure in recent memory, cyberthieves accessed as many as 334,000 taxpayer accounts. The hackers got into the computer system by using an IRS application called Get Transcript, which allows users to retrieve their tax account transactions, tax return information or wages and income reported to the IRS.

Chaffetz cited both of the hacking incidents as he accused the IRS of incompetence. Several Democrats on the oversight committee pushed back, suggesting that the tax agency was being unfairly singled out.

But Chaffetz, who is among the GOP House members who have called for impeachment proceedings against IRS Commissioner John Koskinen, responded by citing a September 2015 report in which the IRS' inspector general criticized parts of the tax agency's computer security.

"Until the IRS takes steps to improve its security program deficiencies and fully implement all security program areas in compliance with (Department of Homeland Security-directed) requirements, taxpayer data will remain vulnerable to inappropriate and undetected use, modification or disclosure," the inspector general report concluded.