Report: IRS puts taxpayer data at risk
This article originally appeared on watchdog.org.
MADISON, Wis. — As if Americans living in the perilous Information Age didn’t have enough to worry about with myriad predators lurking in the online shadows to steal their identities.
Now it appears their government may be helping thieves?
A new report released by the Treasury Inspector General for Tax Administration, or TIGTA, the Internal Revenue Service’s auditor, finds that some contract employees providing services to the IRS without required background checks had access to taxpayer data.
“TIGTA found that taxpayer data and other (Sensitive But Unclassified) SBU information may be at risk due to a lack of background investigation requirements in five contracts for courier, printing, document recovery and sign language interpreter services,” the auditor said.
In one contract for printing services, the IRS provided the contractor a CD containing 1.4 million taxpayer names, addresses and Social Security Numbers, TIGTA reports. None of the contractor personnel who worked on this contract were subject to a background investigation.
“In addition, TIGTA found 12 service contracts for which employee background checks were required by the contract; however, some contractor personnel did not have interim access approval or final background investigations before they began working on the contracts,” the agency wrote. “Further, TIGTA identified 20 contracts for which some contractor personnel did not sign nondisclosure agreements. The IRS subsequently issued more explicit guidance requiring the execution of nondisclosure agreements.”
IRS policy requires background investigations for contractor personnel who have or require access to Sensitive But Unclassified information, including taxpayer information.
TIGTA said the overall objective of this review was to determine the effectiveness of IRS controls to ensure that background investigations were conducted for contractor personnel who had access to SBU information. TIGTA did not review whether unauthorized contractor employees obtained or misused taxpayer data.
“Allowing contractor employees access to taxpayer data without appropriate background investigations exposes taxpayers to increased risk of fraud and identity theft,” said J. Russell George, Treasury Inspector General for Tax Administration, in a statement.
TIGTA recommends the IRS:
- Ensures service contracts have appropriate security provisions and that appropriate background checks are conducted before they begin work
- Provides training for staff on contractor security requirements
- Works with the Department of the Treasury Security Office to review the waiver now in place that exempts contracted expert witnesses from background investigations and determine if the waiver is still appropriate in the current security environment.
The IRS signed off on four of TIGTA’s recommendations, but it disagreed with the waiver guidance.
“TIGTA believes that waiving the background investigation requirement presents a security risk,” the report notes.