IRS Slammed For Security Flaws

Dennis Faas's picture

An official report says two IRS computer systems have serious security weaknesses. It also warns information about taxpayers is at risk of falling into the wrong hands.

The report, by the Treasury Inspector General for Tax Administration, a federal agency which monitors IRS performance, details problems with a new billion dollar system which will eventually manage the data for all taxpayers. The Customer Account Data Engine (CADE) already handles 28 million tax returns, around a fifth of the total. The report also covers the Account Management Services (AMS) system, which provides quicker access to the date stored in CADE.

The report brings up dozens of concerns including the following:

  • There's not enough monitoring of staff members who have the ability to access, alter or remove records from the system.
  • Outside contractors have too much unsupervised access to the system itself.
  • There's no checking whether back-up systems are actually working properly.
  • CADE's underlying computer system has an inherent security flaw.
  • There's no automatic log-out meaning staff are able to leave their machines unattended.
  • Personal data is being passed around the system and even transmitted to other agencies without being encrypted.
  • Officials are using genuine current taxpayer records to test the system but there's no procedure to make sure these details are kept secret and then deleted.

Even more worryingly, it appears the people in charge of the two systems have been slow to deal with security problems once they were told about them. In some cases they've even ignored warnings because they didn't agree particular problems represented vulnerabilities in the system. (Source:

One security expert who studied the report says the security systems described aren't even strong enough to meet the industry standard used by firms which process credit card payments, let alone being adequate for the even more detailed personal data found in taxpayer records. (Source:

Rate this article: 
No votes yet