Taxpayer data is at risk because the IRS fails to track its contractors that store and process the information or ensure that those contractors are fixing known security weaknesses, according to a new report by the agency's inspector general.
The vulnerable data include tax return information and Social Security numbers, the report said.
In the report released today, the Treasury Department Inspector General for Tax Administration urged the IRS to prepare a strategy to correct security weaknesses identified in fiscal 2009 at eight contractor facilities, but the IRS has done so for only one of those locations.
As a result of these failures, the IRS "cannot ensure that taxpayer data are protected at contractor facilities," the report states, and "taxpayer data will remain at risk of unauthorized access and disclosure."
According to the IG's office, the IRS's procurement information system has sufficient data for IRS workers to determine which contractors are entrusted with sensitive data. However, the procurement data is not reviewed "due to the workload involved," the report said.
The IG recommended that the IRS improve the procurement information system to better identify which contractors require security reviews. The report also said the IRS should develop a better process for fixing existing security weaknesses.
The report said the IRS agreed with the recommendations and is working to fix the problems.