The Internal Revenue Service has thousands of insecure, unauthorized Web servers connected to its network, putting taxpayer information at risk.

A report by the Treasury Inspector General for Tax Administration found that the IRS network has 1,811 internal Web servers that had not been approved to connect to the network, and 2,093 internal Web servers that had at least one security vulnerability. "These unauthorized and insecure Web servers placed both the computers and the entire IRS network at risk of unauthorized access to taxpayer and personally identifiable information," said the report.

TIGTA acknowledged that some of the unauthorized Web servers could be legitimate and support IRS operations, but added there was a risk that the servers were being used for non-business purposes. Some of the servers were unintentionally running Web services.

In response to the findings, the IRS plans to disconnect unauthorized Web servers from the network. Its Computer Security Incident Response Center will also perform quarterly security assessment scans to measure compliance with security requirements.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access