[Moderator: "The audit by the congressional General Accounting Office of six IRS facilities also found that 397 computer tapes containing taxpayer data had been lost." - Why does this scare me so?] Forwarded From: Will Spencer <will.spencerat_private> http://abcnews.go.com/sections/tech/DailyNews/irscomputers990112.html IRS Computers Vulnerable GAO Says Taxpayer Data At Risk By Curt Anderson The Associated Press W A S H I N G T O N, Jan. 13 Chronic weaknesses in the IRS computer system are putting sensitive personal information about taxpayers at risk of improper uses, including theft and fraud, according to an audit released on Tuesday. The audit by the congressional General Accounting Office of six IRS facilities also found that 397 computer tapes containing taxpayer data had been lost. "Personal information on IRS computers is at risk to unauthorized disclosure, destruction or modification, and most alarmingly, to identity theft," said Senate Governmental Affairs Committee Chairman Fred Thompson, R-Tenn., who requested the audit. The GAO credited the Internal Revenue Service with making some major leaps forward in improving computer security since another critical audit in April 1997. The IRS says it has corrected 75 percent of the problems identified in that report. A List of Problems But the GAO said "serious weaknesses" remain. Among them: * Computer hackers could access IRS data with relative ease because information isn’t encrypted before it is transmitted over telephone lines. IRS says it has no evidence such a crime has occurred. * Too many IRS employees have access to sensitive computing areas, and some tapes containing taxpayer information have been lost. * Employees without a need to know have the ability to change or delete taxpayer information. Some tapes and disks are not overwritten before being used again, allowing unauthorized access to some of this information, including Social Security numbers. * The new IRS system aimed at catching employees who illegally "browse" through taxpayer files is working on only one of several computer systems, and it cannot detect which activities are legitimate and which are not. * Few contingency plans are in place in case of disaster, such as an alternative computer processing site or effective backup electric generators. IRS Working On Problems In a written response, IRS Commissioner Charles Rossotti said he agreed with many of the conclusions and GAO recommendations, but he insisted that the agency is well on the way to a more complete turnaround. Rossotti, whose background in the private sector focused on information systems, said the initial focus has been on larger data processing systems and it is now moving into other areas. But he noted that making these changes at the agency's over 1,000 facilities cannot be completed in a few years. A new centralized IRS systems office completed a review of what needed to be done at all district offices in December and has now begun examining all other offices. "We believe that managing risk and prioritizing corrective actions and resources is the key to making needed and measurable improvements," Rossotti said in his response. "Protecting taxpayer information and the systems used to deliver services to taxpayers are key to the success of a customer-focused IRS." -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:15:49 PDT