Audit Uncovers Weaknesses In Security Features Of IRS Computer System

Washington, DC (AHN) - A report by the Treasury Inspector General for Tax Administration released Monday pointed out weaknesses in the internal security of the federal Internal Revenue Service, particularly its being prone to hacker attack.

This places American taxpayers at risk for identity theft. The report, quoted by the Los Angeles Times, said, "We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches... A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways."

Among the highlights of the review was a finding that of 374 employee and contractor accounts used for system administration tasks, 141 had expired authorization or not property authorized. In response, the IRS said it locked certain accounts found to be inactive for 45 days and deleted those unused for 90 days.

The report also discovered 34 unauthorized shared user accounts which accessed over 84 percent of the 5.2 million taxpayers record in the IRS' Terminal Access Controller Access Control System.

Despite the weaknesses, the IRS said to its knowledge there has been no instance when taxpayer data was illegally accessed due to the security breach, said Kevin McKeon, IRS spokesman for its New York unit.

Two earlier studies recommended similar measures that focused on closing security gaps. The IRS Oversight Board said $32 million was needed to beef up the IRS' security, while the Government Accountability Office recommended the IRS to correct security lapses.