GAO Report: Taxpayers’ Data at Risk in IRS’ Hands

Published April 18, 2016

Ignoring past audits and warnings, the Internal Revenue Service (IRS) continues to implement too few safeguards against computer and physical intrusions into taxpayers’ private data records, a government watchdog agency reports.

The U.S. Government Accountability Office (GAO), a nonpartisan government agency providing auditing, evaluation, and investigative services for Congress, released a new report in April detailing IRS’ shortage of information-technology and physical-security measures protecting taxpayers’ personal data.

‘Significant Control Deficiencies’

Despite prior documentation and national news stories exposing IRS practices that open taxpayers up to data breaches and other fraudulent activities from both external and internal threats, the audit found that “significant control deficiencies” remain and are preventing the agency from ensuring the “confidentiality, integrity, and availability of financial and sensitive taxpayer information.”

GAO says IRS failed to consistently implement physical security measures in its data centers, allowing unauthorized employees and visitors access to restricted areas.

Other failures cited include using weak or outdated passwords on servers containing sensitive data and allowing multiple employees to share security credentials.

Information Overload

Alexander Hendrie, a federal affairs manager at Americans for Tax Reform, says IRS has in its possession too much information about taxpayers.

“Look at the kind of information that a taxpayer needs to give the IRS each year: Just for Obamacare, they’re supposed to verify things like Social Security number, citizenship, income, address, [and] then you need to list your spouse and dependents,” Hendrie said.

IRS, like the rest of the federal government, has a history of failing to serve taxpayers well, Hendrie says.

“I think there’s definitely a pattern of failure here when it comes to the federal government,” Hendrie said. “When you look at and also a lot of the state portals, some of these systems’ infrastructure was so poor that they just collapsed or they’re still struggling today.”

Hendrie says reforming the tax code would reduce the amount of taxpayers’ data that’s vulnerable to digital intruders.

“The compliance cost is so high that you have an entire industry that has naturally developed as a result of the complex tax code,” Hendrie said. “If you made it a little bit simpler, clearly you wouldn’t need as much information.”

‘Lack of Credibility’

Michi Iljazi, a policy manager with the Taxpayers Protection Alliance, says IRS’ ongoing failure to secure taxpayer data exemplifies a larger problem with the agency.

“I think it speaks to a lack of credibility that the IRS continues to suffer from, as we see scandal after scandal showing a real disconnect between the agency and the taxpayer … whether it is political targeting, mishandling of private information of taxpayers and businesses, or a lack of protection over data and records the agency should be preserving,” Iljazi said.  

Tax Reform Needed

Iljazi says federal tax reform should require IRS to collect less private information from taxpayers, making it easier to safeguard against data breaches.

“Comprehensive tax reform is important on a number of levels, and limiting the amount of information that needs to be collected is a very real benefit that could be achieved,” Iljazi said. “A simpler code would likely lead to a smoother process for compliance, and that is likely to include a more streamlined approach for submitting and collecting information when an individual [or] businesses file their tax returns.”

Ben Johnson writes from Stockport, Ohio.

Internet Info:

Government Accountability Office, “IRS Needs to Further Improve Controls over Financial and Taxpayer Data,” March 28, 2016: