IRS has left US taxpayers at risk of fraud
The US Internal Revenue Service has left American taxpayers at increased risk of identity fraud as the federal agency has consistently neglected to seek out and eliminate known flaws in its security system, according to an internal audit.
Russell George, the Treasury Department’s inspector general for tax administration, determined that the federal government revenue service has only partially completed 42 percent of the corrective plans that were deemed necessary in recent years.
“When the right degree of security diligence is not applied to systems, disgruntled insiders or malicious outsiders can exploit security weaknesses and may gain unauthorized access,” he wrote.
In the report, which was released to IRS officials in September but released to the public Thursday, George went on to describe how the IRS, through negligence, is at risk of “malicious users exploiting accounts with default or blank passwords to steal taxpayer identities and carry out fraud schemes.”
The IRS previously claimed that it had completed the prescribed corrective actions (PCAs) recommended by previous auditors, but George’s report found that eight of the 19 “had not been fully implemented.”
The inspector general report is almost certain to raise concerns over if the IRS is capable of storing personal data as it prepares to accept an influx of information belonging to Americans who enlist in the Affordable Care Act.
“All eight PCAs involve systems containing taxpayer data,” George said, indicating the service simply did not search its servers for “critical and major vulnerabilities.” A number of software updates had yet to be released, and some user accounts were unnecessarily vulnerable.
“The IRS is also increasing its susceptibility to performance and security weaknesses inherent in older software versions, its exposure of taxpayer data to unauthorized disclosure, and its exposure to disruptions of system operation,” the audit continued.
Another factor contributing to the problem is “weakened management controls,” George discovered. He advised officials to take up six new training methods that would improve the capabilities of employees charged with uploading data.
The IRS told the Washington Post it would issue a new manual in response to the audit.
