– Weak password protections that enabled investigators to accurately guess passwords and, in some instances, found passwords posted in plain view
– Insufficient controls over access to files and directories containing sensitive tax data that violated the IRS’s own need-to-know policy, that if you don’t need to know the information, you do not get in
– Inadequate restrictions on access to individuals without authority to modify tax data that left files susceptible to accidental or deliberate changes
– Non-encryption of data that IRS policies said required encryption
The GAO report said that the IRS moved to fix the problems noted in the study and the IRS maintains that it found no evidence of any actual break-ins of IRS systems. However, the GAO noted that the IRS did not have adequate procedures to detect such intrusions, so it could not say conclusively that no unauthorized entries actually took place.
Links:
FBI Internet Fraud Complaint Center: http://www.ifccfbi.gov/
General Accounting Office: http://www.gao.gov/
Internal Revenue Service: http://www.irs.gov/
New York Post: http://www.nypost.com/
Go To Page: 1 2
