TIGTA report: IRS security controls 'weak'

U.S. taxpayers' personal information is vulnerable to identity theft because the IRS is plagued by computer security breaches.

That's according to an audit by the Treasury Inspector General for Tax Administration (TIGTA). "We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches," read the March 26 report, released this week. Routers and switches are used to direct network traffic. "A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways."

The inspector general found the IRS allowed employees and contractors to access 374 accounts that could be used to perform system administration duties. But of those, 141 either had expired authorizations or had never been properly authorized, the report said.

It went on: "A hacker accessing a poorly configured router could gain full control of the IRS network. For example, an unscrupulous person could divert data traffic through a third-party system on its way to the intended destination."

The report also said that the IRS is not properly reviewing "audit trial logs" for its systems.

The IRS contends that action has already been taken. Employee accounts are locked after 45 days of inactivity and removed after 90 days of no use. No unauthorized or unnecessary shared accounts exist any longer. The IRS noted in a prepared statement that it was not aware "that any taxpayer data has been compromised due to a security breach."

Peter Sepp, vice president for communication at the National Taxpayers Union in Washington, D.C. criticized the agency in Newsday for repeated security problems. "Not only has this agency stumbled in implementing modern data processing, but it's opened its records to security issues for a number of years." Even so, he believes filing tax returns electronically is less risky than using the mail.

The IRS's independent Oversight Board and the Government Accountability Office have each pointed out security problems at the tax agency.

You may like these other stories...

Bay Area Woman Guilty in Investment Scam That Caused Over $9 Million in Losses A San Jose, California, woman was convicted December 18 of a federal fraud charge for running a Ponzi scheme that bilked more than 250...
Long Beach Tax Return Preparer Sentenced to Prison  Rathana Ung of Orange County, the former director and officer of Lim's Income Tax and Lim's Tax, Inc. in Long Beach, was sentenced to twelve months and a...
By Jason Bramwell, Staff Writer The Public Company Accounting Oversight Board (PCAOB) will reexamine for public comment a proposal that would require the names of the engagement partner and certain other participants in...

Upcoming CPE Webinars

Jul 16
Hand off work to others with finesse and success. Kristen Rampe, CPA will share how to ensure delegated work is properly handled from start to finish in this content-rich one hour webinar.
Jul 17
This webcast will cover the preparation of the statement of cash flows and focus on accounting and disclosure policies for other important issues described below.
Jul 23
We can’t deny a great divide exists between the expectations and workplace needs of Baby Boomers and Millennials. To create thriving organizational performance, we need to shift the way in which we groom future leaders.
Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.