Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Dissent (Dissentpogowasright.org)
Date: Thu Apr 05 2007 - 06:54:49 CDT
At least 490 IRS computers have been stolen or lost since 2003 in
security breaches that potentially jeopardized the personal
information of more than 2,000 taxpayers, a government audit reported
The computers were lost in 387 incidents, most of which were not
reported to the IRS computer security office as required, according
to the report by the Treasury Inspector General for Tax Administration.
The audit also found that IRS laptops lacked adequate password
controls and encryption software that would protect taxpayer
information and other data.
"This is a serious concern," said Inspector General J. Russell
George, whose findings quantified one of several recent computer
security breaches involving federal agencies. "The American public
relies on the IRS to protect the personal information they provide."
IRS Commissioner Mark Everson said the agency was unaware of any
identity thefts stemming from the loss of the laptops. The IRS has
"moved aggressively" since last summer to strengthen protection of
taxpayer data, he said.
The audit focused on computer security incidents from January 2003 to
June 2006 involving IRS personnel authorized to take electronic files
outside their offices. Some of the incidents were previously made
public in media or government reports. The IRS has assigned more than
52,000 laptops to its workers.
While acknowledging that the IRS can't completely avoid computer
thefts or losses, auditors found that many of the laptops had been
stolen from vehicles, homes or other locations where the units had
been left unattended or not locked up.
Personal data on at least 2,359 individuals were lost in the
incidents, auditors found. Based on an examination that showed other
IRS computers had unencrypted taxpayer and employee data, plus
inadequate password protection, auditors reported it's "likely that a
large number of the lost or stolen IRS computers could be accessed by
IRS rules require employees to report lost or stolen computers to the
agency's computer security office and the inspector general. Auditors
determined that 76% of the incidents were not reported to IRS
security personnel, who "could have helped negate the risk to taxpayers."
The auditors recommended that the IRS improve its response to
computer security breaches by assessing the risk to taxpayers whose
data could be threatened. The IRS should also periodically remind
workers about security rules and provide instructions for encryption
software, the audit said.
"Protection of taxpayer data is a top priority," said Everson, who
said IRS laptops are now encrypted before they're issued to
employees. Also, the agency now assesses the potential threat to
taxpayers in all computer losses and stresses security training, he said.
Main site: http://www.pogowasright.org
Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss
Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss
Dataloss Mailing List (datalossattrition.org)
Tracking more than 203 million compromised records in 609 incidents over 7 years.