The IRS data retrieval tool that let financial aid applicants automatically import income information into the FAFSA won't be restored for the current aid cycle, said James Runcie, chief operating officer of the Office of Federal Student Aid, in written testimony to Congress Wednesday.
The IRS suspended the website in early March after it detected suspicious activity involving the tool, several months after the agency identified a potential vulnerability in the system. The tool's suspension set off a scramble among student aid advocates to assist applicants affected by the change and led eventually to a hearing of the House Oversight and Government Reform committee on the data breach and the government's response.
Two FAFSA application cycles are running concurrently. The 2016-17 cycle will end June 30, and the 2017-18 aid cycle, which began Oct. 1 of last year, runs through June 30, 2018. Runcie said the department will have an encryption solution for the tool to prevent other breaches in time for the beginning of the next aid cycle on Oct. 1 of this year. By then, the department estimates that 92 percent of expected FAFSA filers for the current cycle will have applied. Devoting the resources to introduce that fix for the remaining 8 percent would have introduced "an unacceptable level of risk," he said.
However, Runcie said that by May 31 the department plans to have the tool back up for student loan borrowers seeking certification for income-driven repayment plans.
The National College Access Network said in written comments to the committee that the tool's suspension was "an emergency, not a mere inconvenience." The group said about 10 million FAFSA applications have yet to be filed this year, mostly from lower-income students who tend to file later in the cycle.
Runcie appeared at the hearing Wednesday along with Department of Education Chief Information Officer Jason Gray, Deputy IRS Commissioner Ken Corbin, IRS Chief Information Officer Gina Garza and Tim Camus, a Treasury Department deputy inspector general.
Republican lawmakers were unhappy with many of the answers they received from witnesses about when the breach occurred and why Congress wasn't notified sooner.
North Carolina Representative Mark Meadows asked at what point agencies would begin notifying Congress promptly of such breaches.
"Because we continue to have breaches," he said. "And yet what happens is we're always coming in after the fact to look at this."