The chairman and ranking member of the Senate Finance Committee on Thursday requested an urgent briefing to discern whether the SolarWinds hack that affected many federal government agencies also compromised taxpayers’ personal data.
Sens. Charles Grassley (R-Iowa), and Ron Wyden (D-Ore.) sent a letter (pdf) to IRS Commissioner Charles Rettig to ask him to come and update the committee about whether private taxpayer information was stolen by hackers.
“The IRS appears to have been a customer of SolarWinds as recently as 2017. Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans’ privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” Mr. Grassley and Mr. Wyden wrote.
“It is also critical that we understand what actions the IRS is taking to mitigate any potential damage, ensure that hackers do not still have access to internal IRS systems, and prevent future hacks of taxpayer data,” they wrote.
The senators called the hack “historic” because the breach may have affected not just the Treasury Department, but also the Commerce Department, State Department, Department of Homeland Security, National Institutes of Health, and parts of the Pentagon.
The Texas-based company did not immediately respond to The Epoch Times for comment about the breach.
The Federal Bureau of Investigation (FBI) is investigating the hack of SolarWinds technology, which caused a breach of U.S. government systems, authorities confirmed Wednesday.
The SolarWinds Orion platform, which was compromised, is used by all five branches of the U.S. military and numerous government agencies.
Networks within the federal government were affected by the breach, which was done by inserting malware, or malicious code, into software updates for Orion.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the Office of the Director of National Intelligence said in a joint statement with the FBI and the Department of Homeland Security Agency’s cybersecurity agency, known as CISA.
CISA issued an emergency directive late Dec. 13 after news of the hack broke, ordering all government agencies using the vulnerable products to disconnect the affected devices from the internet.
Brandon Wales, the agency’s acting director, said in a statement, “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
Zachary Stieber contributed to this report.