IRS neglects IT security, risking taxpayer data: Watchdog

The ‌IRS’s ⁢Battle to Secure Taxpayer ⁢Information

The IRS is facing a major challenge in ‌protecting taxpayer information from cyber attacks. A recent audit report by the Treasury Inspector General for Tax Administration (TIGTA) ⁤revealed that the IRS ⁢has been struggling to address IT security vulnerabilities, leaving sensitive data at risk.

According to​ federal ‌laws, all federal agencies, including the IRS,​ are required to identify and fix IT security gaps. However, between 2005 and 2022, the IRS created ‌over 10,000 corrective action plans to address these weaknesses, but failed to finalize 2,555 of them.

A Risky Situation

The failure to⁢ close these corrective ​action plans puts the IRS at risk of ​exploitation ​by threat ⁤actors, as highlighted by the TIGTA report.

A Litany ⁢of Failures

The TIGTA report revealed that the IRS has eight different status categories for these plans, including accepted, completed, and ​in-progress. Shockingly, over 500 plans were‌ classified as “late,” with 23 of them having critical or high-risk severity‍ ratings. ​Some​ of these security vulnerabilities were identified six years ⁣ago.

Furthermore, the report found that certain business units within the IRS were not⁢ creating corrective plans in a timely manner or failing ⁣to provide⁣ the necessary information. The worst-performing units lacked internal management processes for handling these plans.

The TIGTA report also criticized the IRS for not accurately tracking the resources required to resolve security weaknesses and failing ​to update the estimated budget with actual costs.

Recommendations for Improvement

The TIGTA recommended that the IRS establish best practices for IT security, develop an agency-wide‍ process for fixing gaps,‌ prioritize ‌staffing and‍ resource allocations, and improve budgeting for remedial action.

In response to the ⁤findings, ‍the IRS acknowledged ‍its shortcomings‌ and ‌attributed them to ⁤staffing shortages and increasing workloads. The agency pledged ⁣to take steps to strengthen IT security, including ‍hiring more staff and seeking ‍input from stakeholders.

The IRS also expressed its intention to‍ allocate some of the additional ​funding provided by the Inflation Reduction Act, amounting to ⁢$80 ‌billion, to ‍address IT security weaknesses.

Loss of Sensitive ⁤Records

Unfortunately, IT security is not the only area where the IRS has fallen short in‌ protecting taxpayer data. Another recent report revealed that the agency lost track of thousands of microfilm cartridges containing millions ‍of sensitive ​tax​ records.

A Careless Approach

The TIGTA review criticized ⁢the IRS for⁢ its careless handling of‍ sensitive taxpayer information​ and ⁤the loss of valuable⁢ records.