How the IRS Is Leaving Your Financial Data Unprotected

The tax agency needs to better audit its own accounts, according to the Government Accountability Office.

GAO officials discovered that Internal Revenue Service was not sufficiently monitoring databases for abnormal activity that could indicate a breach. They also found poor encryption on key agency systems. In addition, this is the seventh consecutive year the IRS has failed to patch security vulnerabilities that could compromise financial data, a review of GAO reports dating back to 2007 reveals.

"Serious weaknesses remain that could affect the confidentiality, integrity, and availability of financial and sensitive taxpayer data," Nancy Kingsbury, GAO managing director for applied research and methods, and Gregory Wilshusen, GAO director for information security issues, wrote in a new report.

The IRS did not apply critical patches in a timely fashion to multiple systems, including programs for procurement and email, the auditors said. In addition, the agency was running unsupported software on workstations and databases that developers are not even issuing security fixes for anymore. GAO officials also noticed that systems handling transfers of financial data were not configured to encrypt login information.