Taxpayer Data Theft Likely due to IRS security flaws
The Internal Revenue Service's failure to use strong passwords, install patches quickly, and adequately control access to computer systems and information makes the system vulnerable to insider threats and attacks from outside, a new government report concludes.
The IRS has failed to fix about 70 percent of control weaknesses and program deficiencies identified a year ago, the Government Accountability Office said in a report released last week.
Specifically, the IRS has corrected or mitigated 28 of 89 weaknesses and deficiencies found, but left 61 of them unresolved, according to the report.
For example, the agency continues to install patches in an untimely manner, use passwords that are not complex, and allows unencrypted transmission of user and administrator log-in information. All the while, it fails to adequately control user access, log and monitor security events, and physically protect its computer resources, the report said.
"Newly identified and the unresolved information security control weaknesses in key financial and tax processing systems continue to jeopardize the confidentiality, integrity, and availability of financial and sensitive taxpayer information," the report warns.
"Until these control weaknesses and program deficiencies are corrected, the agency remains unnecessarily vulnerable to insider threats related to the unauthorized access to and disclosure, modification, or destruction of financial and taxpayer information, as well as the disruption of system operations and services," the report concludes.
The IRS has failed to fix about 70 percent of control weaknesses and program deficiencies identified a year ago, the Government Accountability Office said in a report released last week.
Specifically, the IRS has corrected or mitigated 28 of 89 weaknesses and deficiencies found, but left 61 of them unresolved, according to the report.
For example, the agency continues to install patches in an untimely manner, use passwords that are not complex, and allows unencrypted transmission of user and administrator log-in information. All the while, it fails to adequately control user access, log and monitor security events, and physically protect its computer resources, the report said.
"Newly identified and the unresolved information security control weaknesses in key financial and tax processing systems continue to jeopardize the confidentiality, integrity, and availability of financial and sensitive taxpayer information," the report warns.
"Until these control weaknesses and program deficiencies are corrected, the agency remains unnecessarily vulnerable to insider threats related to the unauthorized access to and disclosure, modification, or destruction of financial and taxpayer information, as well as the disruption of system operations and services," the report concludes.
