The General Accounting Office, Congress's watchdog agency, has published a report citing security lapses in the Internal Revenue Service computer system. The report cites the IRS for failure to "implement adequate computer controls to ensure the security of its electronic filing system."
The GAO study was conducted a year ago, and IRS Commissioner Rossotti has indicated that some of the problems uncovered in the report have since been corrected. Mr. Rossotti has stated that the e-file system in particular is now safe.
Although the report focused on the e-file tax return filing program, the report also indicated that other data collected from taxpayers by the IRS is at risk, with both individual and business information accessible by hackers.
GAO "hackers," using nothing more than hand-held wireless personal digital assistants (PDAs), were able to retrieve Social Security numbers and other sensitive information from e-file returns. In addition, GAO auditors unearthed weaknesses in the IRS computer system which included improperly configured operating systems, inadequate password protection, and lack of encryption on elecronically filed tax returns.
In addition, the GAO discovered that the IRS issued over $2 billion in refunds last year to taxpayers who filed tax returns electronically but who did not sign or otherwise authenticate their tax returns.
The GAO will conduct a follow-up study after this tax filing season.