Government Report Blasts IRS Security, Former Employees Still Access Taxpayer Data

The IRS is failing to secure its massive computer systems, leaving private taxpayer data vulnerable to fraudsters and hackers, a new report from the Government Accountability Office reveals. The report evaluates IRS security and cites significant deficiencies in its financial reporting systems. It comes as worrisome news for millions of Americans who are legally required to file taxes but may be fearful about fraud.

The report says the IRS needs to continue improving controls over financial and taxpayer data. Its release caps a bad six weeks for the IRS and for taxpayers. The annual tax filing season arrived with a bang, punctuated by a big uptick in fears about fraud. There was nearly a bank run when TurboTax suspended filing state tax returns over fraud.

Some taxpayers learned the disturbing news that someone had filed ‘their’ tax return and scooped up their refund. Initially, it was just a state tax problem, not a federal one. Then the FBI started investigating fraudulent IRS returns filed through TurboTax. Taxpayers interviewed about the fraudulent tax filings said their IRS data was compromised too, and returns were filed, perhaps based on 2013 tax return data.

Tax Fraud Queen

The GAO report says the IRS uses old outdated software without proper security functions. IRS passwords can easily be compromised, the report notes. Even worse, the report says the IRS does not always delete employee access when workers quit or are fired.

In fact, former IRS workers still access data systems long after they have no official business with the information and long after they should be cut off. One co-author of the report said the IRS has a treasure trove of taxpayer data that can be used by identity thieves. The timing couldn’t be worse for the IRS.

The agency is still reeling from budget cuts, and taxpayer confidence in the security and credibility of the IRS is not high. The watchdog Treasury Inspector General for Tax Administration reported that reported that 1.6 million taxpayers were affected by identity theft in the first part of 2014. Four years ago, the figure was a fraction of that, presumably due to the rise in electronic filing as well as more sophisticated hackers and identity thieves.

All in all, the GAO report paints a grim picture, suggesting that one need not be a terribly sophisticated hacker to get into the IRS. Even so, the GAO says there are some improvements. One former report said there were 69 security weaknesses at the IRS. Some of those have been addressed, which is good news.

There are fewer now, but there at least 20 security weaknesses that cry out for attention. The GAO recommends that the IRS should update its policies and software to address the remaining weaknesses. Unlike some other reports on the IRS, in this case, the IRS agreed.

Meanwhile, there are still naysayers who worry that TurboTax has been compromised and has lax security procedures. During TurboTax’s state return flap, H&R Block one-upped its rival, stating that it was not impacted. When TurboTax got back in the saddle and resumed processing state tax returns, it added security. Still, no system is perfect.

The IRS monitors identity theft and other types of fraud, and has resources for victims of identity theft. The IRS says it has added and strengthened protections in its processing systems this filing season. Even so, so far this tax filing season has been a kind of perfect storm. It isn’t over yet, not by a long shot.

Add to that all of the new hassles over Obamacare tax filings. It’s no wonder that many taxpayers worry about filing, and when and how to do it to minimize their risks.

For alerts to future tax articles, follow me on Forbes.com. Email me at Wood@WoodLLP.com. This discussion is not intended as legal advice, and cannot be relied upon for any purpose without the services of a qualified professional.

via The Tax Lawyer http://ift.tt/1BhAQw6

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s