How safe is our info with the IRS?

January 9, 2008 7:40:35 PM PST
The I.R.S. usually gets to do the audits on us, but today, the audit was done on them. Congressional investigators today released the results of that audit and the results were not good.

Congressional investigators at the Government Accountability Office (GAO) wanted to know how well the I.R.S. protected your sensitive information from people who shouldn't have it. The answer in short -- not very well.

We put all sorts of personal information on our tax documents: our Social Security numbers, our banking account information, and even how much we make at work.

The GAO conducted a seven-month audit of the federal tax agency and concluded that "financial and taxpayer information is at increased risk of unauthorized disclosure, modification or destruction."

We talked to GAO congressional investigator, Greg Wilshusen in Washington D.C. this afternoon. He says "the bottom line is that the I.R.S. needs to take immediate actions to correct numerous pervasive weaknesses."

Among the key findings in the report, passwords used by IRS employees are vulnerable to being compromised and thus could be used by unauthorized individuals to gain access to sensitive information.

Too many IRS employees have access to information they don't need to perform their jobs. Sensitive information is not encrypted on IRS computers and perhaps the most troublesome, only 29 of 98 recommendations made last year by the GAO to improve information security at the IRS have been implemented.

"We will go back next year and verify the actions they have taken," says Greg Wilshusen, Government Accountability Office.

The IRS denied a request for an on-camera interview but in a written response to the report, IRS interim director, Linda Stiff, agreed her agency has not fully implemented its information security program and that the IRS has significant work to be accomplished to address its security deficiencies. She pledged to take aggressive steps to correct previously reported weaknesses.

The GAO also warned that much more needs to be done to protect information on 52,000 laptops computers used by I.R.S. employees.