Union decries IRS for security weaknesses

The president of the National Treasury Employees Union issued a statement today criticizing the Internal Revenue Service for having “continuing and serious internal information technology security issues."

The union statement refers to a new Government Accountability Office report describing information security weaknesses at the IRS that leave taxpayers’ financial and personal information vulnerable to data theft.

NTEU President Colleen Kelley said those security problems "make it all the more pressing that the IRS abandon its ill-conceived and dangerous plan to privatize tax debt collection.”

Kelley called the report another warning signal of the dangers of the IRS’ effort to move ahead with plans to hire private-sector debt collectors to pursue tax debts.

“Rather than seek to move personal and sensitive taxpayer information into private hands, the IRS needs to devote time, attention and resources to ensuring it can protect these vital data when the information is in its own hands,” Kelley said. “I don’t think anyone can realistically be satisfied right now that the agency has accomplished that.”

The GAO report, released March 24, states that the IRS failed to establish effective electronic access controls related to network management, user accounts, file permissions, and logging and monitoring of security-related events. The agency has not installed other controls to secure computers physically, according to GAO's audit report.

“Collectively, these weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification or loss, possibly without detection, and place IRS operations at risk of disruption,” the GAO report states.

In a Feb. 27 letter to Gregory Wilshusen, GAO’s director of information security issues, IRS Commissioner Mark Everson agreed with GAO’s assessment.

“Because the IRS’ solution extends beyond the specific findings and addresses the root cause of the weaknesses at an enterprisewide level, a majority of the weaknesses remain open,” Everson wrote. “However, as a result of this agencywide approach and other initiatives we have under way, the IRS now has stronger controls to protect taxpayer data.”


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.