IRS Watchdog Finds Taxpayer Data At Risk

 

In the wake of a high-profile data breach at the hands of an IRS contractor, an agency watchdog is warning that risks remain for taxpayer information. The Treasury Inspector General for Tax Administration (TIGTA) issued a report on February 6 suggesting that the IRS has made headway in securing sensitive data, but it still “does not have adequate controls to detect or prevent the unauthorized removal of data by users."

The report found that 91,661 individuals had credentials for IRS systems with sensitive taxpayer information. While most were IRS employees, more than 5,000 were contractors employed by 187 companies. TIGTA warned that the agency did not always cut off system access when warranted. For example, investigators found 279 separated individuals who continued to have access to at least one sensitive agency system. They also flagged 19 cases in which contractors retained credentials even though their background checks came back unfavorable.  

Investigators did credit the IRS with pursuing improvements over the last several years. For example, officials reported stricter procedures for individuals to receive and maintain access to the agency’s Compliance Data Warehouse, as well as new safeguards against unauthorized transfer of data to external hard drives and other removable storage devices. Still, TIGTA warned that “a key deficiency” for the IRS was a lack of “complete, accurate, and usable audit trail logs.” 

TIGTA began this examination of IRS data security practices last year after House Ways and Means Committee Chairman Jason Smith (R-Mo.) called for light to be shed on how media outlet ProPublica acquired the confidential tax information of thousands of Americans, including President Donald Trump. Federal prosecutors identified a former IRS contractor, Charles Littlejohn, as the culprit and said the scope and scale of his disclosures were “unparalleled in the IRS's history.” Littlejohn pleaded guilty and was sentenced to five years in prison in late January. 

Chairman Smith remains concerned. “Alarm bells should have set off at the IRS when it was discovered that an IRS contractor stole and leaked thousands of individuals’ tax returns, including President Trump’s,” he said following the release of the watchdog report.  

“Instead, it looks like the agency has done very little in response,” he added. 

Of note, the House Ways and Means Committee is planning an oversight hearing featuring IRS Commissioner Daniel Werfel on Thursday, February 15.  

 

This text is provided with the understanding that ECFA is not rendering legal, accounting, or other professional advice or service. Professional advice on specific issues should be sought from an accountant, lawyer, or other professional.