Serious security weaknesses in the Internal Revenue Service's data system have left millions of taxpayers' sensitive financial information vulnerable to hackers.
The agency claims it has fixed the problem, but its auditors beg to differ.
A new report released by the Treasury Inspector General for Tax Administration (TIGTA) found that although the IRS claimed it had implemented 19 fixes to secure the system recommended by the auditor in previous years, at least eight (or 42 percent) of them "had not been fully implemented," and should not have been checked off as completed.
The auditors said the IRS never tracked its progress on the repairs, and in many cases, it closed cases without submitting documentation to prove the fix was complete. The auditors blamed it on "weakened management controls."
The report also found that the agency didn't properly scan servers—which contain taxpayer information—for "major vulnerabilities," or properly lock user accounts, and it did not update software on databases.
"When the right degree of security diligence is not applied to systems, disgruntled insiders or malicious outsiders can exploit security weaknesses and may gain unauthorized access," Treasury Inspector General J. Russell George said.