WASHINGTON – Thousands of taxpayers could be at risk of identity theft or other financial fraud because the Internal Revenue Service has failed to adequately protect information on its 52,000 laptop computers and other storage systems, a new government report concludes.
The IRS did not begin to adequately correct the security problems until the second half of 2006, despite being warned about them in 2003 and again in February 2006, according to a report by the inspector general of the IRS, J. Russell George.
“If taxpayers don’t feel their personal information is protected, that could make them less likely to voluntarily file their taxes,” said assistant inspector general Margaret Begg, whose auditing office studied IRS security policies and practices in place from January 2003 through mid-June 2006.
Nearly 500 IRS laptops were lost or stolen during that 31/2-year period, many from the homes or cars of IRS workers but a significant number – 111 – from IRS offices, the report found. The IRS says one laptop typically contains information on 10 to 25 tax cases.
Although the missing laptops could not be examined, the inspector general’s staff tested 100 laptops currently used by IRS employees and found 44 had “unencrypted sensitive data, including taxpayer data and employee personnel data,” leading investigators to conclude “it is very likely a large number of the lost or stolen IRS computers contained similar unencrypted data.”
No report of identity theft has been linked to the missing laptops, and no taxpayers have been alerted to the potential security breaches, IRS officials say.
In previous reports in 2003 and 2006, the IRS inspector general’s office found that agency employees often failed to encrypt information on laptops and that passwords and other access codes were often easy to bypass. The new report, released Wednesday, found not only that the laptop problems persisted through much of 2006 but identified for the first time similar security holes in backup systems at IRS field and processing offices around the country.
In one instance, “an employee wrote user account names and passwords to the computer and various systems to which the employee has access on a piece of paper that was taped to the laptop,” the report said.
The report attributes the newly identified shortcomings at IRS offices “to a lack of emphasis by management.”
The security lapses described by the report are the latest instance of personal information being put at risk in recent years by a federal agency, even as identity theft has become one of the fastest-growing white-collar crimes. Last May, the Department of Veterans Affairs reported the theft of a computer hard-drive that contained personal information on more than 26 million people. A year ago, the Commerce Department reported that more than a thousand of its laptops were missing, including many containing sensitive information about individuals.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.
