TIGTA report: IRS security controls 'weak'

U.S. taxpayers' personal information is vulnerable to identity theft because the IRS is plagued by computer security breaches.

That's according to an audit by the Treasury Inspector General for Tax Administration (TIGTA). "We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches," read the March 26 report, released this week. Routers and switches are used to direct network traffic. "A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways."

The inspector general found the IRS allowed employees and contractors to access 374 accounts that could be used to perform system administration duties. But of those, 141 either had expired authorizations or had never been properly authorized, the report said.

It went on: "A hacker accessing a poorly configured router could gain full control of the IRS network. For example, an unscrupulous person could divert data traffic through a third-party system on its way to the intended destination."

The report also said that the IRS is not properly reviewing "audit trial logs" for its systems.

The IRS contends that action has already been taken. Employee accounts are locked after 45 days of inactivity and removed after 90 days of no use. No unauthorized or unnecessary shared accounts exist any longer. The IRS noted in a prepared statement that it was not aware "that any taxpayer data has been compromised due to a security breach."

Peter Sepp, vice president for communication at the National Taxpayers Union in Washington, D.C. criticized the agency in Newsday for repeated security problems. "Not only has this agency stumbled in implementing modern data processing, but it's opened its records to security issues for a number of years." Even so, he believes filing tax returns electronically is less risky than using the mail.

The IRS's independent Oversight Board and the Government Accountability Office have each pointed out security problems at the tax agency.

You may like these other stories...

As mentioned in today’s “Bramwell’s Lunch Beat” via an article from the USA Today, a new report from the Treasury Inspector General for Tax Administration (TIGTA) found that the IRS doled out $2.8...
London Stock Exchange switches auditing to EYThe London Stock Exchange will drop PwC as its auditor and replace it with EY after completion of the audit for the year ending March 2014, Harriet Agnew of the Financial Times...
With tax season in the past, it's time to think about the tax implications of decisions your clients may be making about their homes in 2014. The rules are complicated and because of the huge amounts involved, the...

Upcoming CPE Webinars

Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.
May 1
This material focuses on the principles of accounting for non-profit organizations’ expenses. It will include discussions of functional expense categories, accounting for functional expenses and allocations of joint costs.