IRS slammed over lax security

The US Internal Revenue Service is accused of putting two systems into operation with unpatched flaws

The US Internal Revenue Service (IRS) deployed a $1.7bn pair of computer systems which had known vulnerabilities, according to a government audit.

A report issued by the Treasury Inspector General for Tax Administration claims that two IRS systems designed to process and manage tax returns were implemented and allowed to run while IRS staff knew about the security flaws.

The report centres on the Customer Account Data Engine (CADE), a system designed to manage taxpayer information, and Accounts Management Services (AMS), an administration tool which allows IRS agents to access that information.

However, an audit performed by the Treasury Inspector General's office suggests that the new systems could be putting taxpayer information at risk.

The report found that the two systems were put into operation with unpatched flaws while IRS employees knew of the risk and looked the other way.

"Security weaknesses in controls over sensitive data protection, system access, monitoring of system access and disaster recovery have continued to exist even though key phases of CADE and AMS have been deployed," read the report.

"As a result, the IRS is jeopardising the confidentiality, integrity and availability of an increasing volume of tax information for millions of taxpayers as application releases are put into operation."

An Associated Press report claims that many of the issues raised in the audit report, which was originally written on 24 September, have since been addressed, and that the IRS is putting measures in place to safeguard against other threats.