The IRS has failed to implement dozens of security upgrades to combat cyberattacks, leaving the agency's computer systems vulnerable to hackers, a government watchdog told Congress Tuesday.
The agency's inspector general outlined the security weaknesses a week after the IRS announced that criminals had stolen the personal information of 104,000 taxpayers from an IRS website. The IRS believes the information was stolen as part of an elaborate scheme to claim fraudulent tax refunds.
"The IRS faces the daunting task of protecting its data and IT environment from the ever-changing and rapidly-evolving hacker world," said J. Russell George, the Treasury inspector general for tax administration. "This incident provides a stark reminder that even security controls that may have been adequate in the past can be overcome by hackers, who are anonymous, persistent, and have access to vast amounts of personal data and knowledge."
Each year, George's office audits the IRS's security systems and recommends improvements. As of March, 44 of those upgrades had not been completed, George said. Ten of the recommendations were made more than three years ago.
Read More: IRS breach Puts Spotlight on the Internet's 'Costco of Cybercrime'
George could not say whether the security upgrades would have prevented the recent breach. However, he added: "It would have been much more difficult had they implemented all of the recommendations that we made."
