According to Fox Business, a recent inspector general study revealed that the Internal Revenue Service occasionally lacked “sufficient procedures” to shield private taxpayer data from illegal access.
Certain “critical systems” remained accessible to some former IRS workers and contractors, according to a Treasury Inspector General for Tax Administration review.
After Charles Littlejohn, a former IRS contractor, disclosed tax returns of former President Trump and “thousands of the country’s wealthiest individuals,” the inspector general opened an inquiry. Littlejohn acknowledged taking the tax information and giving it to media sites; as Blaze News has reported, he was sentenced to five years in jail earlier this year.
The US House Ways and Means Committee, chaired by Representative Jason Smith (R) of Missouri, wrote a letter requesting the investigation last year in response to the “massive leak of citizen confidential tax info that the IRS is supposed to keep secure,” according to the Inspector General’s report.
Smith released a statement saying, “When it was revealed that an IRS contractor had stolen and disclosed thousands of people’s tax returns, including Trump’s,” alarm bells should have gone off at the IRS.
Rather, it appears that the agency has not taken much action in response. He said, “The IRS has no justification whatsoever for failing to secure sensitive taxpayer data.
“TIGTA agreed to do an examination of how the IRS gives access to and secures Federal Tax Information kept on its different technology systems (i.e., sensitive systems),” the latest report said after receiving the Chairman’s letter.
“Unauthorized access and publication of taxpayer information might erode the taxpaying public’s faith in the federal tax system to preserve sensitive tax information,” the Inspector General (IG) said.
The Business Entitlement Access Request System is how the agency provides access, according to the inspector general’s findings. It was further said that the procedure is the same for both contractors and employees.
As of July, the investigation found that over 91,000 people had access to at least one of its 276 important systems. Among those users, more than 5,000 were contractors.
“Systematic removal procedures for people who no longer needed access to critical systems were not always operating as anticipated. For instance, TIGTA discovered that as of July 13, 2023, 279 people who had been marked as separated in BEARS were still able to access at least one IRS-sensitive system. As per the report, the IRS revoked the IRS network access for each of these persons. This measure, according to the IRS, lessens the possibility of a user accessing a sensitive system, but it does not completely eliminate it.
It also revealed that people were “not always removed” when a background check on an employee or contractor turned up “not favorable” results.
In particular, as of July 13, 2023, the results of the most current background checks on 19 contractors were unfavorable. Nevertheless, because the IRS did not take the necessary steps to suspend or deactivate the contractors from the IRS’s networks, these contractors were still able to access one or more sensitive systems.
The IRS is taking action to strengthen the security of its critical systems, according to the inquiry.
“However, the IRS lacks sufficient controls to identify or prohibit users from removing data without authorization for several critical systems,” the audit said.
The Inspector General (IG) presented the IRS with three suggestions based on the investigation’s findings. These included suspending users who had negative background checks right away and “timely” dismissing employees who left the company.
The report stated that although the IRS accepted all of the IG’s recommendations, it “disagreed” with their “view of the IRS’s ‘security posture.'”
“The IRS rejected any suggestion that the 19 contractors that the TIGTA found had compromised private data. Fifteen contractors were restored after resubmitting their papers, and all nineteen contractors had previously gotten positive results from background checks. It further stated, “The remaining four contractors have been isolated in the personnel system and had their network access stopped.”
The IRS said that when a contractor is found to not have a positive background determination, it “already takes actions to revoke access.”
In his testimony to the committee last week, IRS Commissioner Daniel Werfel asserted that the organization has “taken a variety of steps” to safeguard private taxpayer data.
Fox Business sent a request for comment, but the IRS did not reply.