Taxpayer Data At IRS Remains Vulnerable

CWmike writes "A new Government Accountability Office report (PDF) finds that taxpayer and other sensitive data continues to remain dangerously underprotected at the IRS. The news comes less than three months after the Treasury Inspector General for Tax Administration reported that there were major security vulnerabilities in two crucial IRS systems. Two big standouts in the latest finding: The IRS still does not always enforce strong password management rules for identifying and authenticating users of its systems, nor does it encrypt certain types of sensitive data, the GAO said."

It's not the first time, it won't be the last.

[GrpA]

That reminds me of what happened in Australia with the taxation department a few years ago.

The ATO put everyone's tax details online and used their Tax File Number ( everyone who pays tax has one ).

Some bright spark noticed his TFN in the URL the day they launched their new service and changed the number only to find that it gave him access to someone else's data.

There were accusations of hacking and all, but it conveniently left out the discussion that it was a pretty obvious and blatant flaw.

The minister responsible was never held accountable. That's why these security breaches keep on happening over here.

I'm pretty sure that there's a similar situation in the US.

GrpA

To answer my question

[BadAnalogyGuy]

According to the IG's report, systems administrators and other privileged users are able to access, modify and delete taxpayer data with impunity because of a lack of monitoring capabilities in the two systems.

So it seems that the system allows for modification of taxpayer data. That's quite a bit different from just having it available.