Happy tax season! Here’s some news you will not appreciate: the IRS is extremely sloppy with the sensitive personal information it receives from taxpayers—to the point that visitors, unauthorized employees, and former employees may have access to it.
A recent Government Accountability Office report chastised the agency for its practices, writing that “taxpayers could be exposed to loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.”
They determined that the IRS had “a significant deficiency in internal control over financial reporting systems.” One example: “Because employees and visitors may be allowed inappropriate access to restricted areas, IRS has reduced assurance that its computing resources and sensitive information are being adequately protected from unauthorized access.”
The report—unambiguously titled “IRS Needs to Continue Improving Controls over Financial and Taxpayer Data”—notes that this is a problem the agency was already aware of, while it “has not effectively implemented” new rules intended to shore up their systems:
Other careless IRS practices include failing to take security measures with passwords, and giving users “excessive privilege” when using applications, like being able to “access or change tax payment-related data.” In one case, a mishandled database resulted in employees being able to access information “potentially exceeding his/her job duties, and affecting IRS’s ability to control the integrity of the data.”
It’s been a year of great reviews for the IRS–last month, an Inspector General report revealed that the IRS had rehired hundreds of employees who cheated on or misfiled their own taxes, committed fraud, and falsified documents.
(h/t Reason)
