U.S. Reps. Bill Pascrell, Jr. (D-NJ-09) and Mike Kelly (R-PA-16), the Chairman and Ranking Member of the House Ways and Means Subcommittee on Oversight, this afternoon made an urgent inquiry to Internal Revenue Service (IRS) Commissioner Charles Rettig seeking to know if IRS systems were compromised by the recent massive cyber-attack on the United States Government.

“In order to assess whether and to what extent IRS systems may have been compromised, we respectfully request answers to the following questions by December 22, 2020: (1) Were any IRS systems compromised and, if so, which and when? (2) When did you first learn of the compromise and from whom? (3) Were you told of the compromise immediately upon detection?” the Chairman and Ranking Member asked the IRS Commissioner.

In a separate letter, Reps. Pascrell and Kelly wrote to J. Russell George, the Inspector General for Tax Administration (TIGTA) in the U.S. Treasury Department, seeking a briefing and report on whether the Department has learned of any breach of IRS systems.

A copy of the members’ letter to TIGTA is available here and the text of the members’ letter to the IRS Commissioner is provided below.

December 18, 2020

The Honorable Charles P. Rettig

Commissioner

Internal Revenue Service                                                                                   

1111 Constitution Avenue, NW

Washington, DC  20224

Dear Commissioner Rettig,

            As you know, the Cybersecurity and Infrastructure Security Agency recently issued Emergency Directive 21-01 calling on all federal agencies to review their networks for indicators of a compromise involving SolarWinds Orion products and to secure their networks against exploitation.

            In order to assess whether and to what extent Internal Revenue Service (IRS) systems may have been compromised, we respectfully request answers to the following questions by December 22, 2020:

1. Were any IRS systems compromised and, if so, which and when?
2. When did you first learn of the compromise and from whom?
3. Were you told of the compromise immediately upon detection?
4. What has been done to secure the systems against future compromise?
5. Are IRS legacy systems more vulnerable or less vulnerable to compromise than systems updated as part of IRS modernization efforts?
6. When do you intend to notify the Congress of the extent to which taxpayer information was compromised and whether additional funding is needed to address this compromise?

          Thank you for your attention to this urgent matter.  We believe that it is important to provide taxpayers with a full understanding of the extent of the SolarWinds Orion compromise to maintain confidence in the federal tax system. We also request that you provide a bipartisan briefing on these matters as soon as possible. 

Sincerely,