Oversight
Audit finds another cyber headache for IRS
Two years after leaving hundreds of thousands of accounts vulnerable to theft in the 2016 Get Transcript breach, officials at the IRS are still getting dinged for not doing enough to protect sensitive and personally identifiable tax data.
In a report released June 21, auditors focused on multiple failures by tax agency officials to follow security and privacy procedures around the Cybersecurity Data Warehouse (CSDW), which absorbed the same Get Transcript taxpayer account data that was left exposed in 2016.
“The IRS introduced new security weaknesses and risk to the CSDW when it began transferring taxpayer data from the Get Transcript application to the CSDW without following the established change management process,” the audit read.
Following the breach, IRS officials made a decision to move personally identifiable information associated with Get Transcript to the data warehouse located at an enterprise computing center in Memphis, Tenn., in order to give their newly minted fraud analysis team easier access to the…
