backtop

Print E-mail del.icio.us 35 comment(s) - last by Scorpion.. on Apr 13 at 12:01 PM
An audit has shown that the IRS lost more than 500 laptops, leaving around 2,000 taxpayers at risk for identity theft

The Treasury Inspector General for Tax Administration from the Department of Treasury believes the U.S. Internal Revenue Service is not doing a good job of protecting taxpayer data. The IRS either lost or had 490 laptops stolen over the past three years, leaving as many as 2,000 taxpayers compromised, according to an audit conducted by the Treasury Inspector General for Tax Administration.

The report indicates that a “large number” of laptops were stolen from the homes and vehicles of IRC employees, with more than 100 notebooks stolen directly from IRS facilities.  Between 10 and 25 tax cases are stored on each laptop that the IRS uses (PDF).    

The IRS did not begin to correct security issues until the second half of 2006, even though the problems were apparent since 2003.      

Staff members at the inspector general's office tested 100 laptops and found that 44 of them had "unencrypted sensitive data, including taxpayer data and employee personnel data."  Furthermore, the laptops had a minimal amount password controls to further help keep users safe. The organization has not received word on any potential identity thefts.

The report from the Treasury Inspector gave some basic recommendations to the IRS, including having the Chief Information Officer post a memo reminding the proper people to encrypt sensitive data.  Another recommendation is for system administrators to conduct basic security checks on all PCs and laptops that are brought in for service.

Although alarming, the IRS is not the first U.S. department to lose copious amounts of laptops.  A study released several months ago revealed that the FBI lost 160 laptops during a 44 month period of intense scrutiny.  The investigation was triggered after the agency lost 317 laptops in the previous two years. Moreover, the FBI could not accurately account for what was on those laptops.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
the problem lies....
By Moishe on 4/6/2007 8:52:55 AM , Rating: 5
in the lack of enforcement of rules.

I love the comment about the memo reminding users to encrypt. lol that's like scolding your kid when they are caught playing with a gun. It's far to lenient.

If this is so critical they need to be forced to be secure. People are naturally lazy and forgetful and need some strong incentive to keep things secure (like being fired, pay docked, etc).

They should also switch to computers with complete drive encryption and possible something that would completely wipe the drive is removed from the network for more than 24 hours. I don't see why there should be any IRS laptop with more than 20 records on it outside the IRS network anyways. You'd think they'd have a record checkout system that would allow an auditor to get only what he needs. Having laptops with full databases running around in public is just begging for theft and it's unnecessary. But this Is the govt we're talking about here. Common sense is out and inefficiency is in with bureaucracy.

Where I work I'd walk funny for a month if I lost a laptop even if it didn't have sensitive data on it.




RE: the problem lies....
By PAPutzback on 4/6/2007 9:10:47 AM , Rating: 1
I don't see why the IRS has so many laptops to begin with. Why aren't they using desktop pcs. I can't imagine that there are that many auditors that go outside the building. 500 is how many are missing so how many do they use all together. Once again our tax money is paying 100 bucks for a stapler.


RE: the problem lies....
By Methusela on 4/6/2007 10:42:32 AM , Rating: 3
Surely you jest!

You can't imagine why the IRS employees, many of whom perform their duties on-site, would have laptops? What would you have them do, write everything down on napkins or lug boxes of files around in their vehicles? Audits with paper forms are so 1991.

Sure, they still use paper, but not NEARLY as much as they used to. How have they eliminated all that paper? Laptops!

Naive much?


RE: the problem lies....
By PAPutzback on 4/6/07, Rating: -1
RE: the problem lies....
By Methusela on 4/6/2007 12:28:24 PM , Rating: 5
Uh,

I'm not defending the loss of anything, monetary or physical property. What I am saying, however, is that your assumption that they don't need them is ridiculous in its naivety. I'm shocked that you fail to see how it's significantly impractical to require IRS auditors, of whom there are over 28,000, to lug desktop PCs to audit locations, as you suggested, or require them to use paper. So, in answer to your question -
quote:
Now do you think they have 5000 employess that need to have a laptop.
- yes, yes I do. More, in fact.

Source: http://tinyurl.com/ys73kp

I now understand that your comment wasn't naivety. Rather, it was blatant ignorance and a knee-jerk explosion of keyboard diarrhea.


RE: the problem lies....
By PAPutzback on 4/6/07, Rating: -1
RE: the problem lies....
By dever on 4/7/2007 11:18:00 AM , Rating: 2
This argument really is pointless.

The real point here > The IRS should be done away with.

Ban income tax and pass the Fair Tax.


RE: the problem lies....
By TheGreek on 4/9/2007 9:33:06 AM , Rating: 2
Simpleton logic.


RE: the problem lies....
By fic2 on 4/6/2007 12:03:23 PM , Rating: 2
If you would have read the posters second sentence he/she says
quote:
Why aren't they using desktop pcs.


I agree with whoever said that who ever loses a laptop should be financially responsible for it and fixing whoevers credit they helped destroy.

There was a gov't employee here in Colorado that took a laptop with something like 5,000 records on it home for the weekend. On the way home he stopped at a park. His truck was broken into and the laptop was stolen. I think the worst that happened to him was a scolding. He should have been fired. After a firing you bet nobody would be that stupid for at least a couple of months.


RE: the problem lies....
By EidolWays on 4/6/2007 12:21:51 PM , Rating: 2
quote:
I think the worst that happened to him was a scolding. He should have been fired. After a firing you bet nobody would be that stupid for at least a couple of months.


Yes, people who display such gross neglect for their employer's sensitive data should be severely reprimanded. In this case, said data was for what amounts to the employer's customers, which is even more critical. In the industry, this would be bad . But, then, this isn't the industry. This is government, and in the federal government, it's just about impossible to get fired. We must, unfortunately, reap the results of such policies.


RE: the problem lies....
By Methusela on 4/6/2007 12:30:41 PM , Rating: 2
I read every sentence. How would an on-site auditor transport to that desktop PC the information they obtain while doing audits?


RE: the problem lies....
By ted61 on 4/6/2007 12:03:44 PM , Rating: 2
Laptops are the way to go. You can carry much more information on a laptop then you can in college ruled note books.

I still say most of the missing laptops were outdated junkers that some IRS worker who reads dailytech regularly took apart. He wanted to see how they worked and find out what all the fuss was about in the Linux world.


RE: the problem lies....
By Samus on 4/6/2007 10:30:56 PM , Rating: 2
Want enforcement? FIRE EVERY EMPLOYEE WHO WAS ASSIGNED TO THOSE LAPTOPS. Immediately!


Social Security
By Mitch101 on 4/6/2007 8:47:09 AM , Rating: 3
Does anyone else feel like Social Security needs to be set up like the credit card companies with so many thefts occuring.

Hey yea the IRS/TJMAXX/PENTAGON/WORK laptop went missing and I need a re-issue? You will receive your new Social Security card in the mail in 7-10 buisness days. Thank you.




RE: Social Security
By Moishe on 4/6/2007 8:54:47 AM , Rating: 3
No kidding. I just got a new CC with a letter from the company stating that the TJ Maxx theft possibly effected me. They should re-issue SSNs whenever they're compromised. Even that won't help us though when we're required to use such a sensitive number just to rent a DVD.


RE: Social Security
By TSS on 4/6/2007 9:52:09 AM , Rating: 3
dont worry is isn't much better here overseas. we just had a few scandals involving the dutch secret service "misplacing" a few USB sticks and laptops.

still 500 *is* alot. something i dont get though:

quote:
An audit has shown that the IRS lost more than 500 laptops, leaving around 2,000 taxpayers at risk for identity theft....

...Between 10 and 25 tax cases are stored on each laptop that the IRS uses.


so if there are 10 cases atleast stored on EVERY laptop, and they lose around 500, that doesn't register as 2000 here but more like 5000? 10k if you go for the 20 cases a laptop. so basicly either more then half of the laptops didnt have cases on them, the IRS is much more lazy (like 5 cases a laptop), or their incorrect about how many people it affected.

a possible explanation would be that 44/100 uncrypted data, meaning they figure that there are 5000 records out there only more then half is encrypted (like that can't be broken by somebody who really wants a identity).


RE: Social Security
By marvdmartian on 4/6/2007 11:07:52 AM , Rating: 4
More appropriately, why has it become so commonplace for everyone and their brother having to know our social security numbers, just in order to do business with us?? Unfortunately, it became commonplace to use that, because it is a unique way of identifying a person......then the identity theives came along, and took advantage of the lax security that most of those companies had on that information.

Easily, the best answer to this problem is that if a person's identity is stolen because of the negligence of a person or company, said person or company should then be held financially liable for any and all damages, including the cost of repairing that person's credit reputation! Start forcing folks to be more responsible with this sensitive information, by making them pay the bill when it's misused, and they'll finally start taking it seriously!

Oh, and as far as the $100 stapler comment, above.....if you can find me anyone that sells desk staplers for $100, I'd be surprised. The government, in fact, buys most of it's office supplies from places like Office Depot, Staples, etc, these days.....which means they're paying the same price you do for these consumables. Not only does that allow for less chance of someone taking advantage of the old system (where items like that would be sold in bulk to the government, who would then re-sell them to the individual entities), but it helps the local economy by buying from many smaller stores, instead of one large company. You can thank a couple politicians that were in office during the Reagan era for that....they named the law after them.....it's called the "Graham-Rudman Act". I bet you could google it, if you want more info. ;)


RE: Social Security
By Mitch101 on 4/6/2007 1:29:51 PM , Rating: 2
"said person or company should then be held financially liable for any and all damages, including the cost of repairing that person's credit reputation!"

I wish I could vote you up for that.


RE: Social Security
By Scorpion on 4/6/2007 2:54:35 PM , Rating: 2
I think the $100 stapler reference comes from private & even some governmental agencies who when budgeting out a proposal bid for a project, artificially inflate the estimated cost of most materials to achieve their final bid.

I think this is pretty common. Everyone seems to submit inflated budget proposals. Sometimes it's justified as padding in the case that something unexpected happens, whereby you aren't squeezed, or may have to go back to ask for more money.

Sure, they ACTUALLY buy the stapler from Office Depot, but they budgetarily charged the government an inflated price for it.

This is really prevalent in no-bid contracts. In an open biding system, the bidders are encouraged to properly estimate the cost of all resources required in order to win the bid,i.e. the free market system.


RE: Social Security
By dever on 4/7/2007 11:21:54 AM , Rating: 2
Or even worse, they require purchases be made from "minority" run businesses.