August 03, 2007

Baucus Concerned With Computer Security Violations at IRS


To: Reporters and Editors

From: Carol Guthrie for Senate Finance Committee Chairman Max Baucus (D-Mont.)

Re: Report of computer security violations at IRS

Senate Finance Committee Chairman Max Baucus (D-Mont.) commented today on a report that uncovered serious lapses in computer security at the Internal Revenue Service (IRS). The audit by the Office of the Treasury Inspector General for Tax Administration (TIGTA) discovered that IRS employees, including managers, are not complying with the basic computer security practice of protecting their passwords. TIGTA conducted a sting operation, convincing 61 out of 102 IRS employees contacted by telephone to disclose their usernames and temporarily change their passwords to ones TIGTA suggested. Applying TIGTA’s “success” rate of 60 percent, almost 60,000 of the IRS’s 100,000 employees and contractors are susceptible to computer hackers, putting untold amounts of personal taxpayer information at risk for unauthorized disclosure, theft and fraud.

From Chairman Baucus:

“Despite repeated warnings, IRS workers continue to show reckless disregard for computer security. Continued failure in this area is leaving millions of American taxpayers vulnerable to identity theft and other fraudulent schemes. Every IRS employee should take personal responsibility for protecting confidential taxpayer information. The IRS must take this problem more seriously and take aggressive steps to ensure that all employees understand and carry out security requirements.”

The audit was initiated as part of TIGTA’s statutory requirement to annually review the adequacy and security of IRS technology. The overall objective of the review was to evaluate the susceptibility of IRS employees to attempts by hackers to gain access to IRS systems. The full report, “Employees Continue To Be Susceptible To Social Engineering Attempts That Could Be Used By Hackers,” number 2007-20-107, is available online at