The Internal Revenue Service is failing to secure its massive computer systems--leaving taxpayer data vulnerable to fraudsters and hackers.
That’s according to a new report from the Government Accountability Office that reviewed the IRS’s IT security and found a “significant deficiency” in its financial reporting systems.
The auditors said the agency is using old, outdated software that doesn’t contain proper security functions and its using old passwords that can easily be compromised.
The probe also found that the IRS isn’t deleting old employee accounts, so former workers can still access the data systems long after they leave the agency.
Co-author of the report, Gregory Wilshusen, said taxpayer data is vulnerable to both outsider attacks as well as insider attacks -- people who already have access to the IRS’s computer systems. During a podcast on the GAO’s website, he described these systems as a “treasure trove” of taxpayer data that could be used by identity thieves and other tax cheats.
The report comes as identity theft is increasingly becoming a serious problem.
In the first half of 2014, The Treasury Inspector General for Tax Administration (TIGTA) reported that 1.6 million taxpayers were affected by identity theft compared to just 271,000 in 2010, as The Fiscal Times previously reported. Auditors attribute the uptick to an increase in electronic filing.
The auditors acknowledged that the agency had improved its security measures slightly from their previous audit, which identified 69 security weaknesses. The agency addressed two dozen, but left at least 20 more unaddressed, leaving GAO to conclude financial and taxpayer data have remained “unnecessarily vulnerable to inappropriate and undetected use.”
The GAO recommended that the IRS should update its policies and software to address the remaining weaknesses. The agency agreed with the recommendations.
Top Reads from The Fiscal Times: