IRS continues to lose machines - and they're not alone

Anne Broache blogs on News.com's Security Blog that the IRS continues to have troubles holding onto computers. Between 2003-2006, 490 IRS computers were lost or stolen. Quite an improvement over the 2,300 missing computers five years ago. But IRS computers on eBay doesn't exactly make the heart jump.

"If lost or stolen, taxpayer data can be used for identity theft and/or other fraudulent purposes," said a report released late last month by the Treasury Inspector General for Tax Administration.

And the losses were so preventable. Just a little matter of locking up the machines - at home and onthe job. It's not just employee procedures:

Auditors also found that laptop security was lax. Of 100 computers tested by the inspectors, 44 contained unencrypted "sensitive" data, including information about taxpayers and IRS personnel. Backup data stored on portable media at four offsite locations visited by the inspectors were also unencrypted and insufficiently protected from physical intrusion.

Last week, Anne had reported on a GAO study that found that IRS procedures are woefully inadequate.

"Significant weaknesses in access controls and other information security controls continue to threaten the confidentiality, integrity, and availability of IRS's financial and tax processing systems and information," the Government Accountability Office said in a report released Friday.

And the IRS has company: The FBI lost 160 laptops, according to a report earlier this year. And the Commerce Dept lost another 1,138 - 249 with sensitive information.