One big question lingered Wednesday after a hearing on a data breach involving an IRS tool deployed by the Education Department to help people with student aid applications: Who is accountable when two or more agencies together provide a service that is breached?
Billy Mitchell of FedScoop reports on how the House Oversight and Government Reform Committee pushed the chief information officers from the two federal entities to explain how such an incident could have been handled better. Reps. Darrell Issa and Gerry Connolly led the bipartisan pushback.
One problem identified in the hearing: The Education Department didn’t mark the problem as a breach because its own data was never exposed. Even though the intrusion happened through FAFSA.gov, a student aid site, the problem was with an IRS tool. Tax cheats were using information via the breach to file thousands of fraudulent tax returns.