[ISN] Audit of IRS reveals problems with security measures

From: mea culpa (jerichoat_private)
Date: Wed Dec 02 1998 - 00:18:18 PST

  • Next message: mea culpa: "[ISN] Computer Hacker on the Lam Again"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    
    --------------0783F9480594AB5286FDAD7E
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.981201153830.1494Uat_private>
    
    
    Forwarded From: darek milewski <darekmat_private>
    
    http://cnn.com/US/9812/01/irs.security/index.html
    
    
    Audit of IRS reveals problems with security measures
    $100 million delivered by a bicyclist      
    December 1, 1998
    Web posted at: 5:22 a.m. EST (1022 GMT)
    
    WASHINGTON (CNN) -- A new audit of the Internal Revenue Service's security
    operation has found potentially costly problems at the agency.  IRS used
    bicycle couriers to transport taxpayers' checks to banks and hired
    employees with criminal pasts, according to the audit by the congressional
    General Accounting Office.  At one office, a bicycle messenger was
    entrusted with up to $100 million in deposits every day. 
    
    The GAO said a courier left a $200 million deposit unattended in a car
    with a window open. 
    
    Investigators found that unarmed couriers driving civilian cars alone, or
    riding bicycles were used at four IRS service centers, to deliver tens of
    millions of dollars in taxpayer checks. 
    
    IRS Commissioner Charles Rossotti did not challenge results of the audit
    released Monday but said the IRS is taking steps to remedy its security
    weaknesses. 
    
    "We take our responsibility to protect taxpayer information very
    seriously," Rossotti said. "We plan to continue working with GAO to do
    everything possible to ensure the security of taxpayer information and
    payments." 
    
    The GAO visited IRS service centers in Atlanta;  Philadelphia; Austin,
    Texas; and Ogden, Utah, from April 20-23, during this year's tax filing
    peak. Practices at district offices in Los Angeles, northern California
    and northern Texas were also observed. 
    
    Although the deposits did not include cash, taxpayer checks contain such
    private information as bank account and Social Security numbers, names and
    addresses and signatures. They can be "cloned," using account numbers,
    into fake bank accounts if stolen.  "The theft of one peak season deposit
    could place a significant administrative burden on IRS to contact
    taxpayers and initiate stop payment orders on tens of thousands of
    checks," GAO investigators wrote. 
    
    The audit did not identify any instances of such a theft.  But the GAO did
    cite lack of adequate background checks in 12 of the 80 IRS employee
    thefts, or about 15 percent, investigated from January 1995 to July 1997.
    Those 80 thefts totaled some $5.3 million and were detailed in a previous
    GAO audit. 
    
    In most cases, delays in receiving fingerprint results, combined with a
    crush of new hires during peak filing season, meant that some people were
    on the job before their backgrounds were thoroughly vetted by the IRS. The
    employees handle cash, checks and private taxpayer information. 
    
    The IRS hired 20,000 seasonal employees this year to handle peak filing
    season, when up to 100,000 pieces of mail a day are received and processed
    at agency service centers. The fingerprint checks took an average of 68
    days -- one took 141 days -- instead of the 21 days that had been
    expected. 
    
    GAO also found that taxpayer checks were often stored in unrestricted
    areas, contrary to IRS policy, meaning unauthorized employees would have
    greater access to them.  In one case, the documents were stored in a
    hallway adjacent to a fitness center where anyone could enter
    unchallenged. 
    
    Rossotti said the agency intends to have better deposit transporting
    methods in place by August 1999 and other security improvements involving
    handling of receipts should be ready by January 1. 
    
    In addition, IRS within two months intends to have a new, live fingerprint
    scanner at 17 sites, including the 10 service centers, that can complete
    FBI checks within five days, Rossotti said. 
    
    Still, Sen. William Roth, chairman of the Senate Finance Committee, which
    oversees the IRS, expressed dismay over the audit's findings. 
    
    "The IRS has a responsibility to protect taxpayers' money and to safeguard
    each taxpayer's personal information,"  said Roth, R-Del. "Unfortunately,
    many of the service centers have not been taking appropriate precautions." 
    
    --------------0783F9480594AB5286FDAD7E--
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:01 PDT