A security test carried out by the US Internal Revenue Service (IRS) found that more than 33% of employees, including managers, failed basic network protection procedures.
Inspectors posing as IRS help desk technicians called 100 IRS employees and claimed that a network problem required them to provide their network log-in usernames.
The bogus technicians then also asked the users to change their passwords to one they suggested. The IRS said 35 workers complied with the requests.
With such details hackers could gain high-level access privileges, and the IRS is fearful that disgruntled or ex-employees could be tempted to use the scam.
The results are an improvement however. Four years ago almost 75% of IRS employees failed the same test.
Read more on IT jobs and recruitment
HMRC data shows online IR35 status check tool does not return a result in nearly 20% of cases
IR35 tribunal rules HMRC wrong to pursue ex-DWP IT contractor for £240,000 in unpaid employment tax
HMRC's defence of IR35 online status checker tool likened to 'climate change denial'
IR35 reforms: HMRC urges private sector to start prepping now for April 2020 roll-out