Skip navigation
sponsored by 

Computer security problems found at IRS

Employees provided computer data without questioning identity

10 ways to waste time on the Web9 travel spots for geeks10 odd currency facts6 paths to coupled financial bliss
TODAY holiday guide video  
  
  Kid chef cooks holiday treats
Nov. 27: A 13-year-old cook teaches the TODAY hosts how to whip up a turkey risotto that is perfect for the holidays.
  Holiday movie preview
  Delicious Thanksgiving leftovers
  Hottest holiday toys
  Last-minute Thanksgiving cooking tips
Special feature
Image: Clipping coupons
10 tips to be a better coupon sleuth
Want to save now? 10 Tips columnist Laura T. Coffey offers advice to help you upgrade your electronic and paper coupon skills.
FirstPerson
Gallery: Your latest splurges
Despite tough economic times, readers share photos of recent big-ticket purchases.
Most popular video
  Family ditches home for RV
Nov. 27: With the high rate of foreclosures, many families are going to extremes to survive. NBC's Michelle Franzen has the story of one family who is spending their days on the road.
  What’s your sex IQ?
  An update with the 650-pound virgin
  One girl’s wish for an organ transplant
  Father of missing man speaks out
By Jim Abrams
updated 11:53 a.m. ET Aug. 3, 2007

WASHINGTON - IRS employees ignored security rules and turned over sensitive computer information to a caller posing as a technical support person, according to a government study.

Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service.

The caller asked for assistance to correct a computer problem.

Story continues below ↓
advertisement | your ad here

The report said that by failing to question the identity of the caller the employees were putting the IRS at risk of providing unauthorized people access to taxpayer data that could be used for identity theft and other fraudulent schemes.

"This is especially disturbing because the IRS has taken many steps to raise employee awareness of the importance of protecting their computers and passwords," said Inspector General J. Russell George.

Only eight of the 102 employees contacted either the inspector general's office or IRS security offices to validate the legitimacy of the caller.

The report said the IRS took measures to improve security after two similar test telephone calls in 2001 and 2004. "However, the corrective actions have not been effective," it said.

More security news
Researcher: Media players have critical flaws
Gov’t  agencies wrapped up in 'phishing' scam
Big names team up to lobby against cyber fraud

The IRS agreed with recommendations from the inspector general that it should take steps to make employees more aware of hacker tactics such as posing as an internal employee and to remind people to report such incidents to security officials.

The IRS has nearly 100,000 employees and contractors with access to tax return information processed on about 240 computer systems and more than 1,500 databases.

© 2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

  MORE FROM TECHNOLOGY & MONEY  
  
Technology & Money Section Front
 
Add Technology & Money headlines to your news reader:
 

Sponsored links

Resource guide