Two New IRS Systems Have Major Security Weaknesses

A new report has found that two key systems the Internal Revenue Service is deploying contain serious security weaknesses. Are those weaknesses putting taxpayers’ data at risk?

In an article on the ComputerWorld website, Jaikumar Vijayan says the report by the Treasury Inspector General for Tax Administration is dated Sept. 24, but was only publicly released last week.

According to Vijayan, the report “identifies weaknesses in several areas —including access control, monitoring of system access and disaster recovery — in a new Customer Account Data Engine (CADE) system that the IRS is rolling out, plus a related Account Management Services (AMS) system.”

The CADE system is intended to manage all taxpayer accounts and replace the agency’s existing Master File tax processing systems and the AMS system is designed to provide faster access to the taxpayer information stored in CADE’s databases.

“According to the IG’s report, systems administrators and other privileged users are able to access, modify and delete taxpayer data with impunity because of a lack of monitoring capabilities in the two systems,” Vijayan says. “In addition, contractors working for the IRS can make configuration changes without prior notice or approval, the report said. Similarly, there are no processes in place for verifying whether data that’s archived on backup tapes is being stored properly and can easily be recovered if needed, according to the report.”