The Internal Revenue Service's failure to use strong passwords, install patches quickly, and adequately control access to computer systems and information makes the system vulnerable to insider threats and attacks from outside, a new government report concludes.
The IRS has failed to fix almost 70 percent of control weaknesses and program deficiencies identified a year ago, the Government Accountability Office said in a report released last week.
Specifically, the IRS has corrected or mitigated 28 of 89 weaknesses and deficiencies found, but left 61 of them unresolved, according to the report.
For example, the agency continues to install patches in an untimely manner, use passwords that are not complex, and allows unencrypted transmission of user and administrator log-in information. All the while, it fails to adequately control user access, log and monitor security events, and physically protect its computer resources, the report said.
For more on this story, read Taxpayer data at risk from IRS security flaws on CNET News.