TIGTA report: IRS security controls 'weak'

U.S. taxpayers' personal information is vulnerable to identity theft because the IRS is plagued by computer security breaches.

That's according to an audit by the Treasury Inspector General for Tax Administration (TIGTA). "We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches," read the March 26 report, released this week. Routers and switches are used to direct network traffic. "A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways."

The inspector general found the IRS allowed employees and contractors to access 374 accounts that could be used to perform system administration duties. But of those, 141 either had expired authorizations or had never been properly authorized, the report said.

It went on: "A hacker accessing a poorly configured router could gain full control of the IRS network. For example, an unscrupulous person could divert data traffic through a third-party system on its way to the intended destination."

The report also said that the IRS is not properly reviewing "audit trial logs" for its systems.

The IRS contends that action has already been taken. Employee accounts are locked after 45 days of inactivity and removed after 90 days of no use. No unauthorized or unnecessary shared accounts exist any longer. The IRS noted in a prepared statement that it was not aware "that any taxpayer data has been compromised due to a security breach."

Peter Sepp, vice president for communication at the National Taxpayers Union in Washington, D.C. criticized the agency in Newsday for repeated security problems. "Not only has this agency stumbled in implementing modern data processing, but it's opened its records to security issues for a number of years." Even so, he believes filing tax returns electronically is less risky than using the mail.

The IRS's independent Oversight Board and the Government Accountability Office have each pointed out security problems at the tax agency.

You may like these other stories...

IRS must take oath on Lerner emails: judgeMackenzie Weinger of Politico reported on Thursday that a federal judge ordered the IRS to explain under oath how it lost emails connected to Lois Lerner, the ex-IRS official at the...
The Republican-controlled House of Representatives passed a bill on Friday morning that would permanently extend the bonus depreciation tax break for businesses.The measure, HR 4718, which was crafted by Representative Pat...
The Republican-led House of Representatives is expected to pass a bill this week that would permanently extend the bonus depreciation tax break. But don’t expect President Obama to sign it.The Obama administration said...

Upcoming CPE Webinars

Jul 16
Hand off work to others with finesse and success. Kristen Rampe, CPA will share how to ensure delegated work is properly handled from start to finish in this content-rich one hour webinar.
Jul 17
This webcast will cover the preparation of the statement of cash flows and focus on accounting and disclosure policies for other important issues described below.
Jul 23
We can’t deny a great divide exists between the expectations and workplace needs of Baby Boomers and Millennials. To create thriving organizational performance, we need to shift the way in which we groom future leaders.
Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.