Amidst all the pronouncements from the Internal Revenue Service touting the number of taxpayers flocking to electronic filing in one form or another, the Government Accountability Office has issued a report warning that the threat of a security breach remains high.
The GAO's March 24 report did praise the IRS for working to improve its information security over the past year, but said that the agency still needs to implement a comprehensive information security program.
"Collectively, these weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification or loss, possibly without detection, and place IRS operations at risk of disruption," the GAO said in its executive summary.
The report later added, " Until the IRS fully implements a comprehensive, agency-wide information security program, its facilities and computing resources and the information that is processed, stored and transmitted on its systems will remain vulnerable."
The report found that the IRS has failed to adequately implement electronic access controls like user accounts and passwords, user rights and file permissions, and security-related event monitoring. The IRS also has not done enough to physically secure computers and networks or crack down on unauthorized software changes, the report said.
In a review initiated after last year's GAO report highlighted more than 40 weaknesses in the agency's system, the IRS said that it did not find any evidence of lost or stolen taxpayer data.
