Site icon Liquidmatrix Security Digest

IRS Rolls Out Applications Despite Warnings

Here’s a confidence builder for our American cousins that their tax data will remain secure.

From NextGov:

The Internal Revenue Service deployed two major computer applications despite known security vulnerabilities that put taxpayer information and other sensitive data at risk, according to a report from the IRS inspector general released on Thursday.

The IG concluded in a September annual audit that security weaknesses in the agency’s updated tax processing systems could enable malicious intruders to gain unauthorized access to taxpayer information and prevent the IRS from recovering applications during an emergency. The Customer Account Data Engine is a tax processing tool being deployed in phases to replace the existing repositories of taxpayer information, while the Account Management Services systems aim to provide employees with faster and better access to taxpayer account data.

The part that gets me is that these vulnerabilities were discovered in 2007 not last week. Oh, and no audit logs or DR failover/plan. I fail to understand how something like this could go live when…wait, that’s right. What was I thinking?

Oooh, look at the kitty.

Article Link

Exit mobile version