IRS Security Flaws Expose Taxpayer Data to Snooping

In a breaking news story by Andy Sullivan and published on Computerworld, it was reported that: “Security flaws in computer systems used by the Internal Revenue Service expose millions of taxpayers to potential identity theft or illegal police snooping”.

Also, the IRS is not likely to know if hackers are browsing through tax returns since it doesn’t properly “police its computer systems for unauthorized use”, according to the GAO – “Government Accountability Office”.

The GAO released this report 3 days after the deadline for filing personal income tax returns, when concerns about identity theft and computer security (insecurity) are running high. “This lack of systems security at the IRS is completely unacceptable and needs to be corrected immediately,” according to Rep. James Sensenbrenner (Republican-Wis.), chairman of the House Judiciary Committee.

“The IRS promised to fix any problems and find out if tax returns had been exposed to outsiders.” In the past several years, the IRS has taken measures to protect the info it collects. The IRS has fixed 32 of the 53 problems that were cited in a 2002 review. But now, the GAO has found 39 new security problems on top of the 21 that are still not fixed.

“Along with tax receipts, the IRS collects information on money laundering and other possible financial crimes for the government’s financial-intelligence office. But barriers between tax returns and money-laundering reports don’t exist, the GAO found. Thus, a police officer checking up on money-laundering reports can also read personal tax returns, in violation of federal law.”

The GAO found that some 7,500 IRS employees, law enforcers and outside contractors can access and modify tax returns and financial-crime reports. The report stated that a master list of passwords and usernames is also widely available.

“Increased risk exists that unauthorized users could claim a user identity, and then use that identity to gain access to sensitive taxpayer or Bank Secrecy Act data,” the report said.

Identity thieves have used stolen passwords to access nearly 500,000 profiles of U.S. citizens stored by data brokers ChoicePoint Inc. & LexisNexis, a division of Reed Elsevier.

Now, this is some troubling information. Please check out the full story via the link provided. I guess “Big Brother” is watching many of us!