June 2, 2015 Jeff Greene, Symantec Director of Government Affairs NAM and Senior Policy Counsel, testified before the Senate Homeland Security and Governmental Affairs Committee at a hearing titled "The IRS Data Breach - Steps to Protect Americans' Personal Information."
In his testimony, Greene discussed the current cyber threat landscape, some common types of attacks, how breaches occur, and security measures to protect data and prevent breaches. The Senators were particularly interested in how the IRS's Knowledge-Based Authentication (KBA) system was compromised, and what can be done to prevent and detect future attacks. Greene differentiated the intrusions at the IRS from recent breaches at major retailers. Rather than this being a single breach, this was actually 100,000 individual compromises of taxpayers' identities using personal information that was obtained previously, either through theft or from the public internet.
Greene talked about how coupling a second form of authentication with KBA systems greatly improves security, and how data analytics can be used to detect patterns that indicate fraudulent activity. He also warned the Senators that copycat attacks often follow after widespread news coverage of a lucrative compromise. The IRS reported that this attack led to 13,000 fraudulent tax returns resulting in a $39 million loss.
Other witnesses at the hearing were John Koskinen, Commissioner of the Internal Revenue Service; Terence Millholland, IRS Chief Technology Officer; Michael Kasper, an individual directly affected by the breach; and Kevin Fu, an electrical engineering and computer science professor from the University of Michigan.