Following up on last week's post, GAO, TIGTA Warned Of IRS's Lax Computer Security For Years Before Hack Of 100,000 Taxpayer Accounts On IRS Website: Washington Post, IRS Failed to Address Computer Security Weaknesses, Making Attack on 104,000 Taxpayers More Likely, Watchdog Says:
A government watchdog told lawmakers Tuesday that the Internal Revenue Service has failed to put in place dozens of security upgrades to fight cyberattacks, improvements he said would have made it “much more difficult” for hackers to gain access to the personal information of 104,000 taxpayers in the spring.
“It would have been much more difficult if they had implemented all of the recommendations we made,” J. Russell George, the Treasury Inspector General for Tax Administration, told the Senate Finance Committee at a hearing on the data breach, which the IRS says was part of an elaborate scheme to claim fraudulent tax refunds.
George and IRS Commissioner John Koskinen also said the thieves are operating a worldwide criminal syndicate that originates not just in Russia but in many other countries. ...
Internet security for the IRS has been the inspector general’s top concern since 2011. His investigators audit the agency’s security systems every year and suggest improvements. For example, they are now auditing the effectiveness of the process for authenticating data when Americans file their tax returns.
As of March, 44 of those upgrades had not been completed, including vital security patches, George said. Ten of the recommendations were made more than three years ago.