TIGTA report: IRS taxpayer data is vulnerable to hackers
by AccountingWEB on
By AccountingWEB Staff
Personal information sent to the IRS is vulnerable to hackers, according to an audit report released Thursday.
Among the findings of the IRS watchdog, the Treasury Inspector General for Tax Administration (TIGTA):
- 2,200 databases used by the IRS to manage and process taxpayer information are not secure, are run on out-of-date software, and do not get security patches.
- The IRS did not fully implement a $1.1 million database vulnerability scanning and compliance assessment tool.
"Any failure to maintain IRS databases with the right amount of security diligence can allow disgruntled insiders or malicious outsiders to exploit security weaknesses to gain unauthorized access to taxpayer data, resulting in identity theft, fraud, or other types of illegal activity," J. Russell George, the inspector general in charge of the audit, said in a statement.
The IRS issued its own statement in response to the report, which is reprinted below.
The audit report said that, increasingly, databases are being targeted by attackers, citing a 2009 report that found that 30 percent of all known security breaches were against databases. "This trend was particularly disturbing because when a database was breached, 75 percent of the records were compromised," the report said.
Auditors tested the primary databases for 13 applications that support tax administration business processes. All of the databases had high and medium-risk vulnerabilities, the report said. The report noted that no single office is in charge of ensuring that databases are configured properly; rather, it is a "loosely shared responsibility" across several offices.
The report also said that "vulnerability scans" of the databases were incomplete and were not conducted often enough. The scanning tool was never fully employed, the report said. The IRS cited major technical difficulties due to multiple implementations of the database software across the agency.
The report included seven recommendations to improve database security. The IRS agreed with the recommendations, and issued the following statement:
"The IRS takes the security of our databases very seriously. We want to be very clear that while this report points out a number of technical issues, many of which have been resolved, there is no direct assertion that any taxpayer data is at risk. In fact, it should be noted that many of the databases referenced in this report don't store any taxpayer data at all.
"The IRS emphasizes these databases are used internally and are not directly accessed by the public.
"Security enhancement is an ongoing investment as the external world changes. We continue to make substantial investments, and test our capabilities on an ongoing basis.
"It's also important to note there have been no actual data breaches involving these databases."
Read the full report, Security Over Databases Could be Enhanced to Ensure Taxpayer Data are Protected.
You may like these other stories...
In Denver, state legislators are probably thinking, "Why didn't we think of this earlier?" The state of Colorado's retail marijuana sales (separate from medical marijuana sales) in January alone generated...
Business tax executives seem to agree with a majority of congressional lawmakers that tax reform is unlikely to happen this year.According to the 2014 Tax Policy Forecast Survey, which was released today by Washington, DC-...
By now, it’s pretty clear that it’s not about the money for former NFL players Hunter Hillenmeyer and Jeff Saturday.After tax authorities in Cleveland, Ohio, applied what the athletes said was unfair taxation...
Upcoming CPE Webinars
BAR is an acronym for: Boundaries, Authority and Role. This simple tool will provide participants with a solid understanding of leadership essentials to improve their performance.
This material is designed to provide a start-to-finish overview of how to plan and complete high-quality small audits efficiently.
In this session Excel expert David H. Ringstrom, CPA shares numerous techniques that you can use to work with charts more efficiently.
Key Accounting and Reporting Issues for Nonprofits No. 1: Overview and Statement of Financial Position
This material focuses on non-profit organizations organization, accounting and reporting.