BREAKING: WASHINGTON TIMES REPORT
The IRS sometimes uses old software without key security patches that leave its computer systems vulnerable and could endanger taxpayers’ private information, the Government Accountability Office said Thursday.
GAO investigators raised the issue last year, identifying 69 weaknesses. The IRS said it had corrected two dozen of them, but the new audit found just 14 of them were actually fixed, leaving dozens of weaknesses still to be resolved.
Part of the problem is that the IRS hasn’t even always followed its own guidelines for assessing risks and creating information security plans, the GAO said.
The findings forced the GAO to list the IRS as having “a significant deficiency” in financial reporting systems.
Among the specific problems investigators found were that the IRS was lax in requiring good passwords and forcing employees to change them frequently and the agency allowed too many people to ave access to critical tax-payment data.
Investigators also said the agency didn’t cancel some accounts in a timely fashion — with one still active, though it was supposed to have been removed in April 2009.
READ THE ENTIRE REPORT HERE: