The US Internal Revenue Service (IRS) deployed a $1.7bn pair of computer
systems which had known vulnerabilities, according to a government audit.
A report issued by the Treasury Inspector General for Tax Administration
claims that two IRS systems designed to process and manage tax returns were
implemented and allowed to run while IRS staff knew about the security flaws.
The report centres on the Customer Account Data Engine (CADE), a system
designed to manage taxpayer information, and Accounts Management Services (AMS),
an administration tool which allows IRS agents to access that information.
However, an audit performed by the Treasury Inspector General's office
suggests that the new systems could be putting taxpayer information at risk.
The report found that the two systems were put into operation with unpatched
flaws while IRS employees knew of the risk and looked the other way.
"Security weaknesses in controls over sensitive data protection, system
access, monitoring of system access and disaster recovery have continued to
exist even though key phases of CADE and AMS have been deployed," read the
report.
"As a result, the IRS is jeopardising the confidentiality, integrity and
availability of an increasing volume of tax information for millions of
taxpayers as application releases are put into operation."
An Associated Press report claims that many of the issues raised in the audit
report, which was originally written on 24 September, have since been addressed,
and that the IRS is putting measures in place to safeguard against other
threats.
Do you agree?
Have your say on this article