US taxpayer data went missing thanks to IRS carelessness, says report
An IRS warehouse in Tennessee holding taxpayer data did not know it was holding taxpayer data, found a new analysis by the Treasury Department.
In fact, the top official at the warehouse learned from the inspector that taxpayer information was being stored there.
"If appropriate officials are not aware that [personally identifiable information] has been transferred into a system that was not originally designed to protect PII, they cannot adequately protect that data or take steps to prioritize necessary resources to appropriately manage the system from a security and risk perspective,” reads the audit by the Treasury Inspector General for Tax Administration.
SEE ALSO:New malware is being disguised as Fortnite for AndroidThe government is already notoriously bad with cybersecurity, and the IRS, which directly handles taxpayers' personal information, in recent years has experienced various public scandals after poorly protecting that data.
This lax security puts people at a great risk of identity theft, especially since social security numbers are involved, which can ruin credit scores, careers, and just about any stability in your life.
Taxpayer information was moved to a new Memphis location dubbed the Cybersecurity Data Warehouse after scammers in 2015 exploited an IRS hole to successfully obtain the personal information of more than 350,000 taxpayers. But when the department tried fixing the problem, they only made it worse.
People's vulnerable (and some already compromised) information was then given even less security there and remained that way for years.
The report is littered with alarming subheads like "the security change management process was not properly followed," "key security documentation was not updated," and "an inventory of systems that transfer taxpayer data to the cybersecurity data warehouse was not maintained."
They respectively (and more plainly) mean that the IRS didn't follow the rules, the necessary security measures to protect taxpayer data in its new home was nonexistent, and the IRS does not know what parties/systems touched taxpayer data.
The audit was conducted by the Treasury Inspector General for Tax Administration, an independent organization that checks the IRS. It gave four main recommendations, which the IRS did not fully agree to implement — it refused to hold employees accountable for their actions and did not agree to conduct a risk assessment of the data's new home.
They now, however, have bolstered physical security measures at the Memphis warehouse and control which employees could access this data.
It is unclear how many people's data was moved there and whether any data was breeched during these years of vulnerability.
The IRS did not respond to a request for comment at the time of publication.
Featured Video For You
Facebook is using facial recognition — here's how to turn it off
TopicsCybersecurityPolitics
(责任编辑:资讯)
- ·Republicans on abortion
- ·North Korea rejects UNSC statement
- ·Former game developer wealthiest member of 20th parliament
- ·Korean Peninsula tensions key topic for Obama's talks with Xi: White House
- ·18 Places for Epic Outdoor Adventure Across Colorado
- ·圈养大熊猫野化培训重新启动
- ·Instagram is testing photo albums, because nothing is sacred anymore
- ·7 February games you should get excited about
- ·Klarna CEO reveals plan to reduce workforce by 50% and replace it with AI
- ·Hands on with the Amazon Kindle Paperwhite
- ·共同推动雅安职工思想政治引领数智化发展工作做深做实
- ·Pacquiao says exhibition fight 'my comeback to the ring'
- ·Shady meme says 'stop talking sh*t' and proceeds to talk sh*t
- ·圈养大熊猫野化培训重新启动
- ·A Barbie flip phone is here from HMD
- ·New iPad Pro details leak: 4K over USB
- ·Iran returns star footballer Daei's passport
- ·Hillary Clinton spent an hour reading her controversial emails at a public art exhibit
- ·16 of the Most Epic Sandwiches Around the Planet
- ·大街小巷共“享”足球盛宴