Taxpayer information vulnerable to tampering

January 9, 2008

Yikes! Not exactly what you want to hear at the beginning of tax filing season.

But that's the word from the Government Accountability Office (GAO).

In a report released yesterday, GAO investigators found that IRS records, including taxpayer data, are vulnerable to tampering or disclosure because the agency has not yet corrected dozens of information security weaknesses.

We're a computerized world, and the GAO notes that the IRS takes advantage of such technology to collect taxes (about $2.7 trillion in fiscal year 2007), process returns and ensure compliance. But that also means the agency needs to utilize "effective information security controls."

That, says the GAO, is not happening. In fact, says the government watchdog agency, the IRS has made "limited progress toward correcting previously reported information security weaknesses. It has corrected or mitigated 29 of the 98 information security weaknesses that GAO reported as unresolved at the time of its last review."

That leaves around 70 percent of the information security weaknesses the GAO found previously still unresolved. For example, the IRS continues to use passwords that are not complex, grant excessive access to individuals who do not need it, and be lax in installing patches.

"In addition to this limited progress," says the GAO, "other significant weaknesses in various controls continue to threaten the confidentiality and availability of IRS's financial processing systems and information, and limit assurance of the integrity and reliability of its financial and taxpayer information."

Serious security faux pas: Specifically, the GAO says the IRS does not always:

  1. Properly identify and authenticate computer users,
  2. Limit user access to only those areas users need to perform their job functions,
  3. Encrypt sensitive data,
  4. Effectively monitor changes on its mainframe, and
  5. Physically protect its computer resources.

As a taxpayer, I repeat, Yikes!

A key reason for the weaknesses, says the GAO, is that the agency has not yet fully implemented its agencywide information security program. "As a result, IRS is at increased risk of unauthorized disclosure, modification, or destruction of financial and taxpayer information."

Ya think?

Acting IRS Commissioner Linda Stiff, in response to the report, wrote that the agency recognizes "there is significant work to be accomplished to address our information security deficiencies and we are taking aggressive steps to correct previously reported weaknesses."

I certainly hope so.

Same song, second verse: Sadly, the GAO findings are not a big surprise. Less than a month ago, the Treasury Inspector General for Tax Administration (TIGTA) issued similar findings of weaknesses in IRS database security controls.

"Previous reviews have demonstrated that control weaknesses could be exploited to gain access to sensitive taxpayer information and disrupt IRS computer operations," said TIGTA in its Dec. 14, 2007, audit.

The IRS, noted the report, "continues to have recurring information security weaknesses that make its databases susceptible to penetration attacks," making the data a potential "target for malicious users intent on committing identity theft and fraud."

To illustrate the vulnerability, TIGTA scanned 1,900 IRS databases (the agency has a total of 2,100) and determined that 11 percent of them had at least one account that used the system default password or, worse, a blank password.

In those databases with weak or no passwords was personally identifiable tax information, making the data potentially easy marks for identity thieves and other criminals.

In addition, TIGTA said that 65 percent of the databases it checked needed to be updated, with more than 300 databases being outdated from 11 months to 20 months.

"As a result, outdated IRS databases were collectively susceptible to nearly 40,000 database vulnerabilities, one-half of which are considered high risk," according to TIGTA.

In response to the TIGTA findings, IRS officials said they plan to "take appropriate corrective actions," i.e., update systems, processes, and training so employees are aware of the steps they must take to secure sensitive taxpayer data from unauthorized individuals.

We shall see.

The official word: You can read highlights of the GAO report here; the full report here.

The TIGTA summary is here; the full report here.


Comments
  • Quite worrisome. If you can’t trust the limitless resource federal government to keep its services secure, who can you really trust?
    -Raymond