Alert: According to a new audit report from the Treasury Inspector General for Tax Administration (TIGTA), personal information sent to the IRS is vulnerable to hackers. The IRS watchdog revealed the following points:
- 2,200 databases used by the IRS to manage and process taxpayer information are not secure, use out-of-date software and do not receive security patches.
- The IRS did not fully implement a $1.1 million database vulnerability scanning and compliance assessment tool.
“Any failure to maintain IRS databases with the right amount of security diligence can allow disgruntled insiders or malicious outsiders to exploit security weaknesses to gain unauthorized access to taxpayer data, resulting in identity theft, fraud, or other types of illegal activity,” J. Russell George, the inspector general in charge of the audit, said in a statement.
The audit report said that, increasingly, databases are being targeted by hackers, citing a 2009 report that found that 30% of all known security breaches were against databases. “This trend was particularly disturbing because when a database was breached, 75% of the records were compromised,” the report said.
Assessing the risk
Auditors tested the primary databases for 13 applications that support tax administration business processes. All of the databases had high- and medium-risk vulnerabilities, the report said. The report noted that no single office is in charge of ensuring that databases are configured properly; rather, it is a “loosely shared responsibility.”
The report also says that “vulnerability scans” of the databases were incomplete and were not conducted often enough.
The report included seven recommendations to improve database security. The IRS agreed with the recommendations.
Advisory: The IRS added that there have been no actual data breaches involving these databases.
— Adapted from AccountingWEB, Inc., www.accountingweb.com.