TIGTA Report: IRS Cybersecurity Gaps May Put Taxpayer Data at Risk

The Treasury Inspector General for Tax Administration said the Internal Revenue Service has cybersecurity lapses that could lead to the misuse, tampering or disclosure of taxpayer data.

According to TIGTA’s annual assessment of the IRS’ information technology program, the cybersecurity gaps are due partly to the agency’s reliance on old systems. The oversight body said the IRS needs to improve its abilities to detect cyber threats by continuously monitoring and tracking its hardware and software. The agency received an additional $1 billion in funding from the American Rescue Plan Act to modernize its legacy systems, FedScoop reported.

TIGTA noted in its report that IT weaknesses could hamper the IRS’ ability to collect the $4.1 trillion in taxes and process the $1.1 trillion in refunds and outlays it handled in the fiscal year 2021. Outdated systems could also prevent the organization from enforcing tax laws fairly.

According to the oversight body, IRS continues to struggle with its information systems and has not completed the first phase of the federal Continuous Diagnostics and Mitigation program. That phase requires agencies to implement a scanning tool that identifies unnecessary hardware and software. TIGTA also found that while IRS implemented baseline security controls for the Get My Payment application, the agency still uses weak cryptographic ciphers that hackers can breach easily. The tax agency also failed to remediate 17 critical and 169 high-risk vulnerabilities within the government’s mandate, a TIGTA report found.

Despite the drawbacks, IRS was able to create a roadmap for finding encryption solutions for upcoming systems. The organization was also able to deploy Release 1 of its Enterprise Case Management solution and defined the roles and responsibilities of the IRS chief information officer.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now