TIGTA report: IRS taxpayer data is vulnerable to hackers

By AccountingWEB Staff
Personal information sent to the IRS is vulnerable to hackers, according to an audit report released Thursday.
Among the findings of the IRS watchdog, the Treasury Inspector General for Tax Administration (TIGTA):
  • 2,200 databases used by the IRS to manage and process taxpayer information are not secure, are run on out-of-date software, and do not get security patches.
  • The IRS did not fully implement a $1.1 million database vulnerability scanning and compliance assessment tool.
"Any failure to maintain IRS databases with the right amount of security diligence can allow disgruntled insiders or malicious outsiders to exploit security weaknesses to gain unauthorized access to taxpayer data, resulting in identity theft, fraud, or other types of illegal activity," J. Russell George, the inspector general in charge of the audit, said in a statement.
The IRS issued its own statement in response to the report, which is reprinted below.
The audit report said that, increasingly, databases are being targeted by attackers, citing a 2009 report that found that 30 percent of all known security breaches were against databases. "This trend was particularly disturbing because when a database was breached, 75 percent of the records were compromised," the report said.
Auditors tested the primary databases for 13 applications that support tax administration business processes. All of the databases had high and medium-risk vulnerabilities, the report said. The report noted that no single office is in charge of ensuring that databases are configured properly; rather, it is a "loosely shared responsibility" across several offices.
The report also said that "vulnerability scans" of the databases were incomplete and were not conducted often enough. The scanning tool was never fully employed, the report said. The IRS cited major technical difficulties due to multiple implementations of the database software across the agency.
The report included seven recommendations to improve database security. The IRS agreed with the recommendations, and issued the following statement:
"The IRS takes the security of our databases very seriously. We want to be very clear that while this report points out a number of technical issues, many of which have been resolved, there is no direct assertion that any taxpayer data is at risk. In fact, it should be noted that many of the databases referenced in this report don't store any taxpayer data at all.
"The IRS emphasizes these databases are used internally and are not directly accessed by the public.
"Security enhancement is an ongoing investment as the external world changes. We continue to make substantial investments, and test our capabilities on an ongoing basis.
"It's also important to note there have been no actual data breaches involving these databases."
Related items:

You may like these other stories...

Did you know that the tax code allows you to claim tax deductions for household damage caused by thefts, vandalism, fires, floods, hurricanes, and others kinds of casualties? But the law imposes several restrictions.Relief...
Inversions: Loophole Is the ProblemJacob J. Lew, the U.S. Treasury Secretary, published an opinion piece in the Wall Street Journal that "the system has become full of inefficiencies and special-interest loopholes. That...
School tax breaks get House support as Democrats objectRichard Rubin of Bloomberg reported that the House of Representatives on Thursday voted to expand and simplify tax breaks for education as Republicans continue to pass...

Upcoming CPE Webinars

Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
Aug 20
In this session we'll review best practices for how to generate interest in your firm’s services.
Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.