The Internal Revenue Service has thousands of insecure, unauthorized Web servers connected to its network, putting taxpayer information at risk.
The Treasury Inspector General for Tax Administration (TIGTA) acknowledged that some of the unauthorized Web servers could be legitimate and support IRS operations, but added there was a risk that the servers were being used for non-business purposes. Some of the servers were unintentionally running Web services.
In response to the findings, the IRS plans to disconnect unauthorized Web servers from the network. Its Computer Security Incident Response Center will also perform quarterly security assessment scans to measure compliance with security requirements.