The IRS failed to revoke access to sensitive tax systems from contractors who failed background checks and doesn’t have protections for some of those systems to prevent unauthorized removal of taxpayer data, the agency’s chief watchdog warns in a stinging rebuke that comes on the heels of a devastating criminal leak of tax records.
“The fact remains that for some sensitive systems, the IRS does not have adequate controls to detect or prevent the unauthorized removal of data by users,” the Treasury Department Inspector General for Tax Administration (TIGTA) concluded in a report this month.
That report was issued at the same time ex-IRS contractor Charles Edward Littlejohn was sentenced to five years in prison for leaking tax information to news organizations about former President Donald Trump and countless other wealthy Americans.
It also is a fresh reminder that the IRS has struggled for decades to fix lax security. TIGTA first began warning the IRS was doing a poor job protecting taxpayer information back in 2007 when George W. Bush was still president. Three presidents later, those concerns linger.
