Treasury Inspector General: No Taxpayer Info Exposed in SolarWinds Hack ‘At This Time’

December 25, 2020 Updated: December 25, 2020

There is currently no evidence that taxpayer information was exposed in the SolarWinds hack, the Treasury Inspector General for Tax Administration (TIGTA), J. Russell George, said in a letter to lawmakers on Dec. 23.

SolarWinds technology is used by five branches of the U.S. military, numerous government agencies, and hundreds of Fortune 500 companies.

At least seven agencies, including the Departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce were compromised after hackers used an update to exploit the network management software and distribute malware.

The breach reportedly went undetected for months. According to SolarWinds, as many as 18,000 customers who use the company’s Orion software ended up installing a malicious update, making it one of the biggest hacks ever uncovered. It has prompted the creation of a multi-department task force to respond to the threat.

But in a letter addressed to Reps. Bill Pascrell (D-N.J.) and Mike Kelly (R-Pa.) on Wednesday, the TIGTA said there is “at this time no evidence” to suggest that taxpayer information was exposed as a result of the breach to the Internal Revenue Service’s network.

George noted that his office became aware of the cyberattack on Dec. 13, after which it immediately reached out to the IRS’s Computer Security and Incident Response Center.

“TIGTA takes seriously its IRS oversight responsibility, including the safeguarding of taxpayer information,” he wrote in the letter to Pascrell and Kelly, who lead the Oversight Subcommittee within House Ways and Means Committee.

“TIGTA will continue working with the IRS in conducting additional forensic reviews and network log analysis as additional information related to this event becomes available,” George continued.

Initial reports by the media stated that Russian hackers were believed to be responsible for the attack.

Then on Dec. 14, the Russian foreign ministry posted in a statement on Facebook saying that the allegations were “another unfounded attempt by the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies.” It said that Russia “does not conduct offensive operations in the cyber domain.”

A week later, Attorney General William Barr said he and Secretary of State Mike Pompeo also believed that Russian hackers were likely involved in the attack.

“From the information I have, I agree with Secretary Pompeo’s assessment—it certainly appears to be the Russians, but I’m not going to discuss it beyond that,” Barr said. President Donald Trump suggested China could have been responsible.

Treasury Secretary Steven Mnuchin told CNBC in an interview on the same day that the hack had only impacted the Treasury’s unclassified systems.

“We do not see any breaking into our classified systems. Our unclassified systems did have some access,” Mnuchin said about the massive hack. “I will say that the good news is there has been no damage, nor have we seen any large amounts of information displaced.”

With at least 32 federal agencies having purchased SolarWinds Orion software since 2006, there is a strong possibility that more agencies will announce their systems have also been compromised or hacked in the coming weeks or months.

Microsoft last week said that it found the malicious software in its system. The company said around 30 of the affected customers were in the United States.

“It’s certain that the number and location of victims will keep growing,” Microsoft President Brad Smith said in a blog post on Dec. 17.

Tom Ozimek contributed to this report.