IRS Leaves Taxpayer Data Insecure, GAO Finds

  /     /     /  
Publicated : 22/11/2024   Category : security


IRS Leaves Taxpayer Data Insecure, GAO Finds


Annual audit of the agencys financial and tax systems notes that some earlier problems remain and identifies new ones.



Mobile Government: 10 Must-Have Smartphone Apps (click image for larger view and for slideshow)
The Internal Revenue Service still has IT security holes that could put taxpayer data at risk, according to a report from the Government Accountability Office.
The IRS identified the security of taxpayer data as its top management priority for fiscal 2013, and the GAO credits the agency for steps taken in response to
security issues
identified in earlier audits of its computer systems. But the report notes that some problems with the agencys financial and tax-processing systems remain and identifies new ones.
The GAO notes that the IRS collects and maintains personal and financial information on U.S. taxpayers in data centers in Detroit, Memphis and Martinsburg, W.V. Protecting the confidentiality of this sensitive information is paramount. Otherwise, taxpayers could be exposed to loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes, the report says.
[ What can federal IT teams do to protect their systems, networks and data? Read
Next Steps In Data Center Security
. ]
The GAO audited the IRSs security efforts over the past 12 months. Among the vulnerabilities identified in the GAO report are easily-guessed passwords, passwords that hadnt been changed in almost two years, and storing unencrypted user names and passwords in a file with a revealing name. The report makes no mention of actual security breaches during the period audited.
The IRS also has been lax with data encryption and in controlling access to databases, servers, and systems, the GAO found. And the tax-collection agency has failed to update its systems within 30 days of software patches being released, according to the GAO.
Cybersecurity training is another area where the IRS needs to improve. Although the agencys policies require that all new employees and contractors receive security awareness training during their first two weeks on the job, the GAO found that more than half of contractors were not in compliance.
The Obama administration has made the
continuous monitoring
of federal IT systems a government-wide initiative. The report found that although the IRS has taken steps toward implementing continuous monitoring, it has not defined monitoring and assessment metrics.
The GAO made four recommendations for remediation. The IRS needs to:
-- Update policies and procedures for system access.
-- Strengthen the testing and evaluation of authentication controls.
-- Update mainframe testing and evaluation processes.
-- Establish more comprehensive documentation of continuous monitoring strategies.
In a separate report with limited distribution, the GAO also made 30 specific recommendations on a range of other issues it identified.
InformationWeeks 2013
Government IT Innovators program
will feature the most innovative government IT organizations in the 2013 InformationWeek 500 issue and on InformationWeek.com. Does your organization have what it takes? The nomination period for 2013 Government IT Innovators closes April 12.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
IRS Leaves Taxpayer Data Insecure, GAO Finds