Report Warns: Taxpayer Data, IRS Systems Vulnerable

According to a U.S. Government Accountability Office report released last week, the IRS has corrected 41 of 81 information security weaknesses and needs to strengthen controls to protect data.

"Although IRS has made progress, controls over its key financial and tax processing systems located at two sites were ineffective," the report states. "In addition to the 40 previously reported weaknesses for which the IRS has not completed actions, GAO identified new information security control weaknesses that threaten confidentiality, integrity and availability of IRS' financial information systems and the information they process."

The IRS has failed to deploy controls for access to network management, user accounts and passwords, user rights and file permissions, according to the report. It has also failed to log and monitor security events, physically secure computer resources, and prevent exploitation of vulnerabilities and unauthorized changes to system software, the report states.

"Collectively, these weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification or loss, possibly without detection, and place IRS operations at risk of disruption," the report states.

The report concludes that the IRS information and systems are vulnerable because the agency has failed to implement a comprehensive, agency-wide information security program.