The Internal Revenue Service’s security controls aren’t strong enough to protect taxpayers’ personal information, according to a report released by the Government Accountability Office (GAO) Monday.
The nonpartisan government watchdog said while the agency has taken strides to improve ensuring sensitive information is protected, its safety guards still had “significant control deficiencies.”
The audit found the vulnerabilities were largely due to the IRS’s failure to effectively implement systems it had in place and continued to use outdated, unsupported software on a system used to access and manage taxpayer accounts.
The GAO also discovered the agency failed to fully develop, document and update several security policies, including: controls for authenticating and identifying users, ensuring that sensitive authentication data is encrypted, monitoring systems to make sure they comply with IRS policies and ensuring only authorized employees had access to restricted areas.
“Without proper safeguards, computer systems are vulnerable to individuals and groups with malicious intentions who can intrude and use their access to obtain sensitive information, commit fraud and identity theft, disrupt operations, or launch attacks against other computer systems and networks,” the report stated.
The report found nine of the 28 issues the agency said it had addressed in a former report still remained unresolved.
The watchdog suggested the IRS promptly address the problems identified in the past and the deficiencies found in the latest investigation.
More than 300,000 taxpayers were subjected to a data breach when hackers managed to break into the federal agency’s computer files in 2015.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact firstname.lastname@example.org.