Poor IT security puts US taxpayer data at risk, says government report


Poor IT security puts US taxpayer data at risk, says government report

Warwick Ashford

An audit of the US Inland Revenue Service (IRS) has revealed that multiple security weaknesses make taxpayers' personal data vulnerable.

A report by the Government Accountability Office (GAO) says the IT at the IRS "remains unnecessarily vulnerable" and puts taxpayer information at risk, particularly to insider threats.

According to the GAO, 69% of security weaknesses identified in the 2008 fiscal audit remain unresolved.

"Information security weaknesses continue to impair the agency's ability to ensure the confidentiality, integrity, and availability of financial and taxpayer information," the GAO said.

The report blames the poor security on the fact that the IRS has no comprehensive security management system in place or proper controls on access to sensitive information.

The report reveals that the IRS uses weak passwords, fails to remove user accounts when employees leave, allows excessive file and directory permissions, is slow to install security updates, does not encrypt data transmissions, and does not always do annual risk assessments.

The GAO has recommended that the IRS develop policies and procedures for network security, train contract workers on security awareness, and implement a disaster recovery plan.

"Until IRS takes these steps, financial and taxpayer information are at increased risk of unauthorised disclosure, modification, or destruction," the report said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy