Posted on 06/24/2005 8:47:11 PM PDT by blogblogginaway
WASHINGTON (Reuters) - The Internal Revenue Service is investigating whether unauthorized people gained access to sensitive taxpayer and bank account information but has not yet exposed any privacy breaches, an official said on Friday.
The U.S. tax agency -- whose databases include suspicious activity reports from banks about possible terrorist or criminal transactions -- launched the probe after the Government Accountability Office said in April that the IRS "routinely permitted excessive access" to the computer files.
The GAO team was able to tap into the data without authorization, and gleaned information such as bank account holders' names, social security numbers, transaction values, and any suspected terrorist activity. It said the data was at serious risk of disclosure, modification or destruction.
"There is no evidence that anyone who was not authorized accessed the data outside the GAO," said Sheri James, a spokeswoman for the Treasury's Financial Crimes Enforcement Network (FinCEN), which is working with the IRS to address the concerns of the GAO, the investigative arm of Congress.
"The assessment remains ongoing at this time," James said.
IRS officials were not immediately available for comment.
FinCEN is responsible for administering the Bank Secrecy Act, under which banks must file suspicious activity reports on transactions they believe could be linked to money laundering or terrorism financing. The IRS stores this data for FinCEN.
As their name suggests, these reports are filed based on suspicions, not necessarily proof, and the vast majority never lead to investigations or prosecutions.
Unauthorized access to the information held by the IRS raises concerns about the privacy rights and civil liberties of innocent banking clients as well as ordinary taxpayers.
From October, when FinCEN rolls out a new computer system called BSA Direct, the agency will for the first time take control of all BSA data from filing to dissemination, which it hopes will significantly bolster data security.
Taxpayer data will remain with the IRS, which the Treasury says is addressing its "computer security deficiencies."
Concerns about privacy violations through weak computer security are mounting in the United States, where a string of companies this year have reported stolen or misappropriated customer data, including Bank of America Corp., ChoicePoint Inc. and Reed Elsevier .
Since ChoicePoint announced in February that it mistakenly sold 145,000 consumer profiles to a ring of identity thieves, dozens of other organizations, from banks to universities, have announced security breaches of their own.
IRS: the TSA of data security.
"All these security breaches of our personal financial info. is beginning to sound suspicious."
People rob banks because thats where they keep the money.
People hack computers because that's where they keep the data.
My job is to fly around to our customers, break into their networks, and teach them how to keep the bad guys out. Many of our clients are well known companies and state and local government agencies. I can tell you that there has never been a penetration test we've done which if it was scoped to include a large enough segment of a customers internet facing network and enough time, we haven't been able to penetrate systems and use them to access other internal systems. We also do similar tests while plugged directly into our customers network to simulate a disgruntled employee, industrial espionage, etc. Internal networks are even less securely configured.
Windows, UNIX, it doesn't make a hell of a difference in an enterprise network.
Note to IRS: YOU ARE AN ILLEGAL AGENCY. YOU WERE CHALLENGED IN COURT TO PROVE YOUR LEGITIMACY, AND FAILED.
NOW JUST STFU. (Wait until the lawsuits start flying the other way now!!!)
This is very odd. So much stolen info in the past 6 months. Maybe Al-quedia found a new way to attack us. We all wake up one morning and we're 120,000 dollars in the hole. That'd be a finicial situation.
Well, do you know any smart people, with an ounce of self-respect, who want to make a living as a government drone-parasite helping Big Stupid Government steal money?
I'm guessing they consider themselves lucky to fill positions with the bottom of the barrel, intelligence-wise and motivation-wise.
IRS outsourcing...
Another good reason not to file tax returns. It ain't safe. :-)
Perhaps the laziest and the grayest??
Would a disgruntled ex-employee from a company like yours be a likely suspect in these hackings?
There's no way any info in an electronic environment can be safe is there?
I am not sure what that is but it sounds bad. Maybe even hugh and series.
If even the Gummint Agency of Oafs can hack the IRS, that's bad.
Very hugh. Like so impotent. (important) lol...
"There's no way any info in an electronic environment can be safe is there?"
Depends on how safe you mean by safe.
Controls should be appropriate to business reqauirements. It's always a tradeoff between availability and security. The more secure, the less easily available for legit use.
There is no such thing as 100% secure, thats why we preach about things like security in layer, detective and protective controls, etc.
"Would a disgruntled ex-employee from a company like yours be a likely suspect in these hackings?"
Possible but unlikely.
There are a lot more bad guys than there are good guys.
Most commonly trotted out figure is that more than 80% of all hacks are perpetrated by insiders/employees.
According to redstate she was leaking to Buzzfeed’s Jason Leopold.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.