madison
Home / News & Blogs

Taxpayer data at risk from IRS security flaws

Elinor Mills CNET News | March 23, 2010 10:52 AM PDT

Summary

The Internal Revenue Service's failure to use basic security precautions makes the system vulnerable to insider threats and attacks from outside, a new government report concludes.

Topics

Internal Revenue Service, security, IRS, Elinor Mills CNET News
The Internal Revenue Service's failure to use strong passwords, install patches quickly, and adequately control access to computer systems and information makes the system vulnerable to insider threats and attacks from outside, a new government report concludes.

The IRS has failed to fix almost 70 percent of control weaknesses and program deficiencies identified a year ago, the Government Accountability Office said in a report released last week.

Specifically, the IRS has corrected or mitigated 28 of 89 weaknesses and deficiencies found, but left 61 of them unresolved, according to the report.

For example, the agency continues to install patches in an untimely manner, use passwords that are not complex, and allows unencrypted transmission of user and administrator log-in information. All the while, it fails to adequately control user access, log and monitor security events, and physically protect its computer resources, the report said.

For more on this story, read Taxpayer data at risk from IRS security flaws on CNET News.

Talkback Most Recent of 29 Talkback(s)

  • I'll never E-file!
    I'll never E-file. I don't want my medical records on-line either!

    Risk/Reward ratio just isn't favorable.
    ZDNet Gravatar
    wkulecz
    23rd Mar 2010
  • Maybe a noble thought it is an exercise in futility.
    It seems to me whether we e-file or paper file our records are on their
    computers. Doctors offices have their records on computer, same with
    hospitals. Medical facilities are online, having been so for years. Recall,
    for doctors to be reimbursed by the feds they submit their bills online.
    Many insurance companies request online billing. I don't think we as
    individuals can opt-out of that process.

    Remember, our drivers information, banking information, the list is
    never ending are all on computers someplace. Most have online access.
    ZDNet Gravatar
    BubbaJones_
    23rd Mar 2010
  • One group has more information on you
    That is Google. Why worry about the government when the biggest stock of data on the most people is on Google servers. And people just keep flocking to give them more.
    ZDNet Gravatar
    jorjitop
    24th Mar 2010
  • More accurate if you do
    Your tax return is entered into a computer regardless.
    Once it's entered the only difference is whether you
    entered the figures, or whether an overworked-
    underpaid employee squinting at your scribble (is that a
    9 or 4?) entered the figures.

    Your call, of course.
    ZDNet Gravatar
    snberk341
    23rd Mar 2010
  • Never e-file? Bad Decision!
    All of the risks mentioned exist regardless of whether you e-file or not. Your data is at risk regardless of whether it's gets entered to the IRS computers manually or electronically. I would rather know my data got entered accurately (via e-file) than take the chance some seasonal employee fat-fingered something!
    However, it does scare the heck out of me that they don't seem to be taking even basic steps to safeguard taxpayers' sensitive data.
    ZDNet Gravatar
    Heck if I Know
    24th Mar 2010
  • From someone who knows...
    There is more information available on the paper form than from the electronic image. And just like the electronic image the paper document is in file until it is no longer valuable.
    ZDNet Gravatar
    windozefreak
    24th Mar 2010
  • Actually, your records ARE on-line
    whether you have e-filed or not. Every tax record is kept in unified format. The only difference is that without signing up for the service, YOU cannot see your records...
    But you don't need to e-file. You can still do it the paper way and VIEW your records. Then you will see that the records go back quite some time...
    ZDNet Gravatar
    Mahegan
    24th Mar 2010
  • Your data is keyed in when you mail your return!
    What did you think they did with the paper? It gets keyed, which means another human must read it. Better to e-file. Oh, and have you read the recent stories about (a very small number of) postal employees stealing the contents of envelopes?
    ZDNet Gravatar
    dofzin
    24th Mar 2010
  • Over-worked / Under-paid...
    THank you for my afternoon laugh. An overworked / underpaid federal employee..... HAHAHAHAHHAH. Oh God that's funny.
    ZDNet Gravatar
    NetworkBankAdmin
    23rd Mar 2010
  • Oh My That Is Funny.
    I have YET to meet an overworked gov employee. Come in the office @ 9am have coffee and bs sessions until 10:30 or 11:00 work for an hour or so have lunch come back work a little more have afternoon bs session. Well time to go home. And they are paid 30 or more an hour for this $hit. So how can i get one of these jobs.
    ZDNet Gravatar
    MLHACK
    23rd Mar 2010
  • Oh well, maybe we have different ones then.
    My experience is with the Canadian civil service.... my wife was public
    servant for many years. I'm not saying that there aren't free-loaders
    (but then what organization of any size doesn't have some dead-
    wood?) however.... in the several offices my wife worked in the
    dedication to serving the public was exemplary.

    In her last job the unit she worked in (managing the funding of grant
    applications for projects that funded homeless shelters) routinely
    worked unpaid overtime, ate lunch at their desks, and worked their
    b*tts off to get certain projects approved by HQ. There was no reward
    for them to get these projects funded (despite HQ's initial rejection)
    except that they knew it would help. Much easier to tell a project "No,
    you haven't been approved." But, for a deserving project they really
    went that extra mile.

    No bonuses, little over-time pay, little reward outside of the unit.

    Yep, my experience is different. Maybe it's a cultural thing.
    ZDNet Gravatar
    snberk341
    23rd Mar 2010
  • and as the history of public-private partnerships show
    it was actually cheaper and better in the long run to leave private industry out of the picture.
    ZDNet Gravatar
    Mahegan
    24th Mar 2010
  • Ya, I'm pretty sure Canada hasn't merged with the U.S. yet.
    ZDNet Gravatar
    AzuMao
    24th Mar 2010
  • Obama Care
    According to the new Health Care Reform act,
    these are the folks that will be handling your
    medical and insurance information. The IRS is
    slated to get between 12,000 to 16,500
    (depending on which pundit is talking) new
    workers to enforce the new laws.

    Deeee-lightful.
    ZDNet Gravatar
    aureolin
    23rd Mar 2010
  • F***ing government
    So, max your dependencies, get as little taken out of your check and stop filing taxes. If we all did that, what can they do? We have the numbers.
    ZDNet Gravatar
    fuguein_d@...
    23rd Mar 2010
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity