IRS lapses put taxpayer info at risk
Tuesday, March 20, 2012
Many taxpayers are still waiting for their refunds in part because of processing delays caused by Internal Revenue Service changes designed to prevent identity theft and tax-filing fraud.
But a recent investigation by the Government Accountability Office indicates that the IRS also needs to be looking inwardly when it comes to tax data threats.
The government watchdog office says that despite "numerous controls and procedures intended to protect key financial and tax-processing systems…control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRS's systems."
Computer hacker photo by Yuri_Arcurs via iStock
Yikety!
Specifically, according to the GAO report, the IRS has serious issues with:
- Implementing controls for identifying and authenticating users, such as requiring users to set new passwords after a prescribed period of time;
- Appropriately restricting access to certain servers;
- Ensuring that sensitive data were encrypted when transmitted;
- Auditing and monitoring systems to ensure that unauthorized activities would be detected; and
- Ensuring management validation of access to restricted areas.
But wait, there's more.
The IRS used unpatched and outdated software, exposing it and the data it collected to known vulnerabilities. And the agency did not enforce backup procedures for a key system.
I repeat, yikety!
So what's the deal?
"An underlying reason for these weaknesses is that IRS has not fully implemented a comprehensive information security program," according to the GAO.
It has established a comprehensive framework for such a program and made strides to address control deficiencies, according to the GAO. But the agency has not yet fully put in place all key components of the program.
The current situation, says the GAO, undermines IRS assurances that "sensitive agency and taxpayer information is being sufficiently safeguarded from unauthorized disclosure or modification."
The GAO report recommended a half dozen security steps the IRS take ASAP. The group also sent the IRS a separate report with another 23 specific actions to correct newly identified control weaknesses.
The IRS has agreed to develop a detailed plan to deal with the security issues.
"We appreciate your continued support and guidance as we work to improve our security posture and look forward to working with you to develop appropriate measures," said IRS Commissioner Douglas Shulman in a letter to the GAO. The commissioner also promised to provide the GAO with a detailed corrective action plan addressing each of the investigators' recommendations.
What else could the commish say?
Let's hope this system improvement implementation goes more smoothly than the one that's screwing up the 2012 filing season.
And as for us taxpayers, from now on when we file our returns each year, we also should take advantage of getting a free annual credit report just in case some of our data slipped through IRS fingers.
You also might find these items of interest:
- Tax preparers receiving threats from frustrated filers
- $1.4 million refund stolen by ID thief
- IRS, Justice Department ID theft crackdown
nets criminals nationwide
Comments
You can follow this conversation by subscribing to the comment feed for this post.