GAO Blasts IRS for Security Lapses

Congressional watchdog says tax collectors failed to use basic security procedures.
Joseph RadiganMarch 15, 2001

The General Accounting Office published a scathing report on Wednesday, criticizing the Internal Revenue Service for its failure to “implement adequate computer controls to ensure the security of its electronic filing systems.”

Much of the report’s criticism was directed at the IRS’ e-file program for individual taxpayers, but investigators charged that the security weaknesses in e-file exposed other IRS systems containing business data.

The report said GAO investigators were able to make unauthorized entries into IRS computer systems because of the tax agency’s failure to restrict access and follow some of the most basic security features such as encryption.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

While investigators did not cite specific instances where IRS systems had actually been compromised, they did say that individual and business taxpayer data had been left exposed to potential breaches.

The study of the IRS systems was made a year ago during the 2000 tax filing season. In the report, commissioned for Sen. Fred Thompson (R. — Tenn.), the chairman of Senate Governmental Affairs Committee, the GAO said it would make a follow-up investigation to test the IRS’ progress in solving some of the problems.

The GAO also said the IRS had corrected some of these problems in time for the 2001 tax season, and in a letter dated Feb. 8, IRS Commissioner Charles Rossotti wrote that the agency had an active security program and that the e-file system was safe.

Click here to reach the GAO home page. Then click, in succession, “GAO Reports,” “Today’s Reports,” and “March 15, 2001.” The report is numbered, GAO-01-306, and is available in PDF format.