Senate Finance Committee Chairman Max Baucus (D-Mont.) commented today on a report that uncovered serious lapses in computer security at the Internal Revenue Service (IRS). The audit by the Office of the Treasury Inspector General for Tax Administration (TIGTA) discovered that IRS employees, including managers, are not complying with the basic computer security practice of protecting their passwords. TIGTA conducted a sting operation, convincing 61 out of 102 IRS employees contacted by telephone to disclose their usernames and temporarily change their passwords to ones TIGTA suggested. Applying TIGTA’s “success" rate of 60 percent, almost
60,000 of the IRS’s 100,000 employees and contractors are susceptible to computer hackers,
putting untold amounts of personal taxpayer information at risk for unauthorized disclosure, theft and fraud.
From Chairman Baucus:
“Despite repeated warnings, IRS workers continue to show reckless disregard for computer security. Continued failure in this area is leaving millions of American taxpayers vulnerable to identity theft and other fraudulent schemes. Every IRS employee should take personal responsibility for protecting confidential taxpayer information. The IRS must take this problem more seriously and take aggressive steps to ensure that all employees understand and carry out security requirements."
The audit was initiated as part of TIGTA’s statutory requirement to annually review the adequacy and security of IRS technology. The overall objective of the review was to evaluate the susceptibility of IRS employees to attempts by hackers to gain access to IRS systems. The full report, “Employees Continue To Be Susceptible To Social Engineering Attempts That Could Be Used By Hackers," number 2007-20-107, is available online at http://www.treas.gov/tigta/auditreports/2007reports/200720107fr.pdf.
Source: Ranking Member’s News
