IRS security flaws expose taxpayer data to snooping
Security flaws in computer systems used by the Internal Revenue Service expose millions of taxpayers to potential identity theft or illegal police snooping, according to a congressional report released today.
The IRS also is unlikely to know if outsiders are browsing through citizens' tax returns because it doesn't effectively police its computer systems for unauthorized use, the Government Accountability Office found.
The report was released three days after the deadline for filing personal income tax returns, and at a time when concerns about identity theft and computer security are running high. "This lack of systems security at the IRS is completely unacceptable and needs to be corrected immediately," said Rep. James Sensenbrenner (R-Wis.), chairman of the House Judiciary Committee.
The IRS promised to fix any problems and find out if tax returns had been exposed to outsiders.
Over the past several years, the agency has taken steps to protect the information it collects, the report found. The agency has fixed 32 of the 53 problems that turned up in a 2002 review. But the GAO found 39 new security problems on top of the 21 that remain unfixed.
Along with $2 trillion in tax receipts, the IRS also collects information on money laundering and other possible financial crimes for the government's financial-intelligence office. But barriers between tax returns and money-laundering reports don't exist, the GAO found. Thus, a police officer checking up on money-laundering reports can also read personal tax returns, in violation of federal law.
In all, 7,500 IRS employees, law enforcers and outside contractors can access and modify tax returns and financial-crime reports, the GAO found. A master list of passwords and usernames is also widely available, the report said.