Weaknesses in IRS security systems continued to put private taxpayer data at potential risk of exposure in fiscal year 2024, according to a new watchdog assessment of the agency’s IT systems.
High-profile security breaches in recent years have attracted significant scrutiny of the agency. The report from the Treasury Inspector General for Tax Administration issued Friday covered, in part, the year during which a former IRS contractor was sentenced for stealing tax returns from wealthy individuals and President Donald Trump.
The TIGTA report, dated June 23, said that midway through 2023 almost 300 users continued to have access to sensitive taxpayer data after they had left the agency.
- TIGTA found the IRS didn’t include proper security details in its agreements with states participating the Direct File pilot. The report said, however, that the IRS had “sufficiently” put in controls for identity proofing and authentication for the pilot.
- Audits found that the IRS let more than 2,000 “critical” network vulnerabilities go unresolved past deadlines.
- TIGTA also found that security threats from insiders, like the former IRS contractor, remained a threat in 2024.
To contact the reporter on this story:
To contact the editors responsible for this story:
Learn more about Bloomberg Tax or Log In to keep reading:
Learn About Bloomberg Tax
From research to software to news, find what you need to stay ahead.
Already a subscriber?
Log in to keep reading or access research tools.