TIGTA report: IRS security controls 'weak'

U.S. taxpayers' personal information is vulnerable to identity theft because the IRS is plagued by computer security breaches.

That's according to an audit by the Treasury Inspector General for Tax Administration (TIGTA). "We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches," read the March 26 report, released this week. Routers and switches are used to direct network traffic. "A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways."

The inspector general found the IRS allowed employees and contractors to access 374 accounts that could be used to perform system administration duties. But of those, 141 either had expired authorizations or had never been properly authorized, the report said.

It went on: "A hacker accessing a poorly configured router could gain full control of the IRS network. For example, an unscrupulous person could divert data traffic through a third-party system on its way to the intended destination."

The report also said that the IRS is not properly reviewing "audit trial logs" for its systems.

The IRS contends that action has already been taken. Employee accounts are locked after 45 days of inactivity and removed after 90 days of no use. No unauthorized or unnecessary shared accounts exist any longer. The IRS noted in a prepared statement that it was not aware "that any taxpayer data has been compromised due to a security breach."

Peter Sepp, vice president for communication at the National Taxpayers Union in Washington, D.C. criticized the agency in Newsday for repeated security problems. "Not only has this agency stumbled in implementing modern data processing, but it's opened its records to security issues for a number of years." Even so, he believes filing tax returns electronically is less risky than using the mail.

The IRS's independent Oversight Board and the Government Accountability Office have each pointed out security problems at the tax agency.

You may like these other stories...

Camp Hopes Estate Tax Will Be on Its Way OutAn article in Bloomberg said that Republicans are considering voting this year to repeal the U.S. estate tax, according to House Ways and Means Chairman Dave Camp (R.-Mich.). He...
Senate Takes Different Approach from House for Highway and Bridge FundEarlier this week, according to a New York Times article, the Senate agreed to fill the coffers of the fund that pays for highway and bridge repairs with...
There it stands, your client's 100-year-old, rickety, vermin-infested barn or former hotel or whatever the darn thing once was. And she's considering what to do with it. There are two words that can help her decide...

Upcoming CPE Webinars

Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
Aug 20
In this session we'll review best practices for how to generate interest in your firm’s services.
Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.