The IRS is not having a good year when it comes to keeping your ID protected, and keeping hackers out of its systems. In fact, 2016 may just be the worst year ever for IRS security holes.
That's according to Congress, which sharply criticized the IRS yesterday for potentially exposing hundreds of thousands of taxpayers to hackers and organized crime rings. On the list of nearly 100 security gaps:
- Easily guessed password systems
- Too many people having access to the IRS system, with full rights and privileges
- Too few encrypted systems
Worse, the Government Accountability Office told Congress that the IRS hasn't fixed a lot of the problems the GAO brought to its attention last month. "We're hopeful [the IRS] will rigorously implement our recommendations over the next few yeas, all 94 that we have outstanding," GAO head Gene Dodaro told the Senate Finance Committee.
These security gaps are often serious. Russian hackers in February accessed information of 300,000 taxpayers, and tried to hack the records of another 295,000 taxpayers.
We've also told you about several security problems the IRS has had this year. For instance, an ID theft victim was victimized a second time, even though the IRS had given her a secure IP PIN. That PIN was meant to keep her ID safe.
IRS Commissioner John Koskinen said they're aware of the security holes and actively working to fix them. Among those possible fixes is a more secure system to prove a person accessing a taxpayer's information is, in fact, that taxpayer.
"We are in the process of developing a strong and coordinated authentication framework," said Koskinen. "Our goal is to have the strongest possible authentication process for our online services while maintaining the ability of taxpayers to access their data and use IRS services online."