Internal Revenue Service records, including taxpayer information, are vulnerable to tampering or disclosure because it has not yet fixed dozens of information security weaknesses, according to a government report.
The existing problems, the congressional Government Accountability Office said, included giving too many people access to sensitive material, failure to encrypt all sensitive data and weak physical security controls.
One data center allowed at least 17 individuals access to sensitive areas without justifying a need based on their job duties. Another center did not perform periodic reviews of records accounting for mechanical keys used to gain access to sensitive areas. The IRS also continues to use passwords that are not complex, and it installs patches in an untimely manner, the report indicated.
One reason for the weaknesses, the GAO said, is that the IRS has not yet fully implemented an agencywide information security program.
“Until these weaknesses are corrected, the agency remains particularly vulnerable to insider threats,” including unauthorized access to taxpayer information; disclosure, modification or destruction of that information, and disruption of operations and services.
Effective information security controls are critical for an agency that last year collected about $2.7 trillion in taxes and enforced the nation’s tax laws, the report said.
The IRS has made progress in some areas, including implementing controls for user IDs for certain critical services and improving physical protection for its procurement system, GAO said.
In addition, it said the IRS should identify individuals with significant security responsibilities for specialized training and enhance oversight of contractors to ensure they are complying with security policies.
Acting IRS Commissioner Linda Stiff, in response to the report, wrote that the agency recognizes “there is significant work to be accomplished to address our information security deficiencies and we are taking aggressive steps to correct previously reported weaknesses.”
Was this article valuable?
Here are more articles you may enjoy.
Johnson Controls Unit to Pay $750M to Settle ‘Forever Chemicals’ Lawsuit 
Travelers Survey: Distracted Drivers Making US Roads More Dangerous 
Dog-Related Injury Claim Payouts Hit $1.12B in 2023, Report Shows 
Poll: Consumers OK with AI in P/C Insurance, but Not So Much for Claims and Underwriting 
Want to stay up to date?
Get the latest insurance news
sent straight to your inbox.