Data security

TIGTA Report: IRS Lack of Cybersecurity Oversight Could Compromise Taxpayer Data

A Treasury Inspector General for Tax Administration report found that deficiencies in the Internal Revenue Service’s security program may lead to taxpayer data being misused or inappropriately disclosed.

According to the annual TIGTA report, the IRS had lapses in its cybersecurity program and suffered issues around its data privacy and system environment security. These include the lack of contractual services for fraud analysis and detection, network device oversight and remediation oversight.

The report noted that remediation oversight is only available for high-priority, enterprise-wide vulnerabilities. The IRS also failed to consistently track and report remediation metrics.

The TIGTA report also said the IRS lacked a complete systems inventory but has taken steps to address IT supply chain risks, FCW reported Thursday.

IRS officials said in response to the report that they took corrective actions to address previous recommendations and are working on a multi-layered cybersecurity program. They also claimed that some findings, particularly those involving cloud service deployment, were inaccurate and included misleading statements.

The tax agency admitted that it has struggled with cybersecurity problems because of limited resources, but funding from the Inflation Reduction Act will allow it to address key issues.

The TIGTA report comes two months after the Government Accountability Office said the IRS’ modernization efforts were lagging partly because of funding constraints and a lack of descriptions of some efforts.