The Senate House Oversight Committee severely questioned the Department of Education and IRS information security officers regarding a potential breach in the tax agency's Data Retrieval Tool that is used to determine federal student financial aide.
Citing a potential cybersecurity issue, the Internal Revenue Service (IRS) removed the Data Retrieval Tool earlier this year, which automatically pulls in parents tax return data from the Free Application for Federal Student Aid (FAFSA) portal. About 100,000 students may have had their information leaked. IRS officials said the move was made after learning cybercriminals used information obtained from outside the tax system to hack into FAFSA in order to snatch additional information that would allow them to file false tax returns. At this time it is not known how many people were affected by this intrusion
"It seems like it was incumbent on the Department of Education to inform us in a timely fashion. I think it's in violation of the law. I know we're going to pursue that more," Connolly said, according to The Hill.
The tool was placed offline in early March. The tax agency said it will remain unavailable until extra security measures can be added and that it recognizes this is a major inconvenience. Until the tool is patched tax information will have to be input manually into the very complex FAFSA form.
“While this tool provides an important convenience for applicants, we cannot risk the safety of taxpayer data. Protecting taxpayer data has to be the highest priority, and we will continue working with FSA to bring this tool back in a safe and secure manner,” said James W. Runcie, Federal Student Aid chief operating officer, in a statement in March.