Thursday, March 26, 2015

IRS incompetence and your personal information

Good news: IRS has less identity theft security than your average Etsy shop

 MARCH 25, 2015 BY MARY KATHARINE HAM


They rehire people fired for snooping, they allow pretty much anyone into facilities and restricted areas where all our sensitive information is kept, and there’s no telling how many unauthorized current and former employees are able to steal identities as a result. And, you thought they just ruined people’s lives with audits. That’s novice stuff. This is the IRS.
I have personal experience with this. I had a fraudulent tax return filed under my Social Security number in 2012. As a result, both my refunds from 2012 and 2013 were put under administrative hold or some such nonsense with no notification to me or indication of how to remove them from hold. The 2012 one just arrived four months ago after I finally got someone on the phone who said, “Huh, I don’t really know why there’s a hold on this. It shouldn’t have anything to do with the fraudulent return at this point. It should be to you within two-to-four weeks.” I am also unable to retrieve any tax transcripts online and have had to go physically to the IRS on several occasions because the IRS system reads the fraudulent return’s identifying information as mine, even though they know it’s a fake. It has been more than two years. Every year, I run into roadblocks attempting to file my taxes because of this breach from 2012, as does my husband since he is now linked to this fraud perpetrator in the IRS’ system as well. At no point, have I felt well-informed about this situation, that anyone at the IRS knows how to fix it, or is interested in doing so. 
Unless the IRS patches up its information security, warns a Government Accountability Office report, “taxpayers could be exposed to loss of privacy and to financial loss and damages resulting from identity theft or other financial crimes.”
For a tax collection agency with a history of putting taxpayers at risk, the GAO report is, unfortunately, just more of the same.
It’s not as if IRS officials don’t know they have a problem. They do. And they went through the difficulty of purchasing more secure systems and creating new rules. But purchase orders and bureaucratic handbooks are one thing; follow-through is entirely another. Notes IRS Needs to Continue Improving Controls over Financial and Taxpayer Data, released March 19:
A key reason for the information security weaknesses in IRS’s financial and tax processing systems was that, although the agency has developed and documented a comprehensive agency-wide information security program, it had not effectively implemented elements of it.
Specifically, the IRS didn’t effectively control physical access to its facilities by current and former employees and even by visitors. “Because employees and visitors may be allowed inappropriate access to restricted areas, IRS has reduced assurance that its computing resources and sensitive information are being adequately protected from unauthorized access.”
So glad we’re required by law to send them every ever-loving detail of our lives once a year. Cue John Koskinen admonishing us for our ingratitude and asking for more of our money.

No comments: