Drake Software blog for tax pros, covering tax, IRS news, and more

GAO Finds IRS Should Do More to Protect Taxpayer Information

The Government Accountability Office (GAO) has issued a report that says IRS measures still fall short when it comes to protecting the personal information of taxpayers. While the 50-page report credits the Internal Revenue Service for improvements in its Taxpayer Protection Program (TPP), it finds the IRS, at the time the GAO audit was carried out, had overlooked a key threat in its risk assessment of computer systems.

A risk assessment poses scenarios to the network or system being tested, and sees if the defenses in place are good enough to stop unauthorized access. The GAO says the IRS failed to test the possibility that hackers would have access to personally identifiable information (PII) for taxpayers that allows the intruder to side-step defenses.

This is the scenario that played out in 2014, when fraudsters used stolen personal information to get past IRS defenses and steal hundreds of thousands of income tax return through the Get Transcript tool on the IRS web site. The Get Transcript tool is now operating again after being shut down, although the GAO says its security should be beefed up even more.

TPP is used to authenticate the identities of suspicious filers in an effort to block fraudulent returns. It uses “singled-factor” authentication procedures that use one of three elements:

  • Something You Know
  • Something You Have, or
  • Something You Are

The GAO acknowledges that at one time, this would have been sufficient to stop most security hacks. But with personal information now available to cyber-criminals through Internet searches or phishing websites, yesterday’s security is today’s security liability.

In its response, the IRS agreed with the recommendation to include the missing assumption into future risk assessments, and to continue to strengthen security methods.

Bob Williams

Forget genes; I’ve got words in my DNA. Communication has been part of who I am nearly all my life. From a long career in radio news to another one in newspapers – and a University of Georgia journalism degree sandwiched between the two – language has been my life. I’ve also been fortunate to have learned the tax business from the ground up here at Drake, starting with 1040.com online forms some years ago before moving on to work on the Web. In all things tax-ish, we aim to give you tools you can use.

comments powered by Disqus