Watchdog jittery about IRS computers

Watchdog says tax collectors haven't done enough to guard against unscrupulous employees, contractors and hackers.

EMAIL  |   PRINT  |   SHARE  |   RSS
 
google my aol my msn my yahoo! netvibes
Paste this link into your favorite RSS desktop reader
See all CNNMoney.com RSS FEEDS (close)

How much credit card debt do you currently have?
  • More than $10,000
  • $1,000 - $10,000
  • Less than $1000
  • None

WASHINGTON (CNN) -- As taxpayers rush to file tax returns, independent auditors are warning that the Internal Revenue Service has not done enough to safeguard some of its computer systems, leaving sensitive taxpayer information vulnerable to disgruntled IRS employees, contractors or hackers.

Unscrupulous people could "reconfigure [computer] routers and switches" and "steal taxpayer information in a number of ways, including diverting information to unauthorized systems," according to the Treasury Inspector General for Tax Administration (TIGTA) office, which serves a watchdog function over the IRS.

The IRS says it has addressed the concerns raised in the report.

At issue is the security of routers and switches, devices that determine the proper path for data to travel between computer networks, TIGTA said. Because the IRS sends sensitive taxpayer and government information across its networks, it must have security controls to deter and detect unauthorized users.

The report does not indicate whether any taxpayer information has ever been misdirected or stolen from IRS computers, but said that in more than 84% of the 5.2 million times employees accessed a system to administer and configure routers, they used "accounts" that were not properly authorized.

To ensure security, the IRS had authorized 374 accounts for employees and contractors to use to access routers and switches to perform system administration duties, the TIGTA said. Of those, authorization for 86 had expired at the time of TIGTA's review in 2007, and there was no record that 55 employee and contractor accounts had ever been authorized.

"We are particularly concerned that 27 of the 55 employees and contractors had accessed the routers and switches to change security configurations," wrote Michael R. Phillips, the deputy inspector general who wrote the report.

In addition, nine accounts were still active, even though the employees and contractors had not accessed the system for more than 90 days, the report says. The IRS should have automatically prevented users from accessing routers and switches after 90 days, it says.

The report does not say whether anyone wrongly obtained taxpayer information or if taxpayer information was misused, but says it is continuing to review security to see whether changes made to the computer system were appropriate or warranted.

In a written response accompanying the report, the IRS said it has made some changes and is continuing to improve the control and monitoring of controls and switches. All 369 users now have current and valid authorizations on file, the IRS said.

-- from CNN Producer Mike M. Ahlers  To top of page

Features
They're hiring!These Fortune 100 employers have at least 350 openings each. What are they looking for in a new hire? More
If the Fortune 500 were a country...It would be the world's second-biggest economy. See how big companies' sales stack up against GDP over the past decade. More
Sponsored By:
 
8 must-have travel apps Whether you've got wanderlust or an airline grievance, here are some apps to pack onto your phone. More
Hot stocks: 10 record breaking companies The S&P 500 is trading at all-time highs, and many well-known businesses are leading the charge. Time to buy or sell? More
My biggest retirement mistake Five CNNMoney readers share stories about saving that you can learn from. What they would do differently if they had another chance. More


Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.