TIGTA report: IRS security controls 'weak'

U.S. taxpayers' personal information is vulnerable to identity theft because the IRS is plagued by computer security breaches.

That's according to an audit by the Treasury Inspector General for Tax Administration (TIGTA). "We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches," read the March 26 report, released this week. Routers and switches are used to direct network traffic. "A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways."

The inspector general found the IRS allowed employees and contractors to access 374 accounts that could be used to perform system administration duties. But of those, 141 either had expired authorizations or had never been properly authorized, the report said.

It went on: "A hacker accessing a poorly configured router could gain full control of the IRS network. For example, an unscrupulous person could divert data traffic through a third-party system on its way to the intended destination."

The report also said that the IRS is not properly reviewing "audit trial logs" for its systems.

The IRS contends that action has already been taken. Employee accounts are locked after 45 days of inactivity and removed after 90 days of no use. No unauthorized or unnecessary shared accounts exist any longer. The IRS noted in a prepared statement that it was not aware "that any taxpayer data has been compromised due to a security breach."

Peter Sepp, vice president for communication at the National Taxpayers Union in Washington, D.C. criticized the agency in Newsday for repeated security problems. "Not only has this agency stumbled in implementing modern data processing, but it's opened its records to security issues for a number of years." Even so, he believes filing tax returns electronically is less risky than using the mail.

The IRS's independent Oversight Board and the Government Accountability Office have each pointed out security problems at the tax agency.

You may like these other stories...

The law makes it difficult for itemizers to deduct medical expenses. To reap any write-off, you must pay bills that aren't covered by insurance, reimbursed by employers or otherwise satisfied by, for example, a company-...
Drug patents held overseas can pare makers’ tax billsAs the Obama administration tries to stop companies from avoiding taxes by moving their headquarters overseas, the makers of some of the world’s most lucrative...
Starting in October, the IRS will send warning letters to tax return preparers who appear not to be complying with Earned Income Tax Credit (EITC) due diligence requirements.Section 6695(g) of the Internal Revenue Code...

Already a member? log in here.

Upcoming CPE Webinars

Oct 9In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards.
Oct 15This webinar presents the requirements of AU-C 600, Audits of Group Financial Statements (Including the Work of Component Auditors).
Oct 21Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience’s communication style.
Oct 23Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.