GAO: IRS Weaknesses Put Taxpayer Data at Risk
(CNSNews.com) -- An audit of the Internal Revenue Service’s (IRS) computing systems found numerous weaknesses, giving the agency limited assurance that taxpayer data are protected from “unauthorized access, alteration, and disclosure,” a new Government Accountability Office (GAO) report found.
The report, released this month, is entitled Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk. The objective of the audit was to determine whether “IRS’s controls over its key financial and tax processing systems are effective in ensuring the confidentiality, integrity, and availability of financial and sensitive taxpayer information.”
The GAO found that the IRS “had not always effectively implemented access and other controls to protect the confidentiality, integrity, and availability of its financial systems and information. These weaknesses and others in IRS’s security program increase the risk that taxpayer and other sensitive information could be disclosed or modified without authorization.”
Because the IRS did not fully implement access controls, unauthorized individuals or former employees of the IRS could read and copy sensitive data for “malicious purposes or personal gain,” according to the GAO.
“In addition, authorized users could intentionally or unintentionally read, add, delete, or modify data or execute changes that are outside their span of authority.” Also, access privileges allowed all users of the IRS’s internal network to read files and gave administrators more access than needed in certain instances. (pg 8)
The GAO found that the IRS has made some progress in addressing the security issues, but the risk to taxpayer data still exists.
“IRS continued to make progress in addressing information security control weaknesses, improving its internal control over financial reporting,” reads the audit. “[H]owever, serious weaknesses remain that could affect the confidentiality, integrity, and availability of financial and sensitive taxpayer data.”