IRS customer data at risk, GAO reports

The Internal Revenue Service’s systems leave taxpayer data at risk according to government auditors.

A new Government Accountability Office report found the IRS improved its security policies and controls in the last year, but still falls short.

IRS corrected just 29 of 105 weaknesses it previously identified. GAO also found 13 of the 29 fixes were incomplete or done improperly.The problem, auditors said, was not lack of policy but a lack of follow-through. The weaknesses mostly dealt with inside threats and weak internal controls on taxpayer information rather than outside breaches or attacks.

GAO said the IRS should take six steps in order to implement its overall information security program. It also listed 23 specific actions to fix newly detected control weaknesses. The IRS agreed to develop a plan of action to address all of these issues.

This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.