Is the IRS Doing Enough to Protect Personal Information of Taxpayers?

Tax season here and the filing deadline is looming. During such a time each year a question always arises; is my personal information safe in the hands of the IRS? While such a question doesn't have a clear answer, the IRS is under scrutiny and pressure to beef up its cybersecurity efforts, which is leaving many people uneasy about trusting the agency.

Let's face it. The U.S. Internal Revenue Service isn't anyone's friend unless you are a portion of the population who don't mind forking over a good percentage of your earnings for many underlying reasons. While we could preach about how taxpayer money is put to good use in America, there are probably just as many reasons to believe that it isn't being used properly. Regardless, the IRS is facing 94 open cybersecurity recommendations from the Government Accountability Office. With so many recommendations, most of which are exclusively advising the IRS to step up their cybersecurity efforts, taxpayers aren't feeling very safe with their information in the hands of an agency that has faced several security breaches in the past few of years.

"In my view, taxpayers have been failed by the agencies, the companies and the policymakers here in Congress they rely on to protect them," said Senator Ron Wyden during a hearing. Wyden added that "Hackers and crooks, including many working for foreign crime syndicates, are jumping at every opportunity they have to steal hard-earned money and sensitive personal data from U.S. taxpayers."

The IRS has faced security breaches that have allowed hundreds of thousands of taxpayer accounts to be exposed. The IRS has even gone through procedures to suspend a web-based service that allowed taxpayers to retrieve IP Protection PINS in an effort to thwart cyberattacks.

With the IRS breaches being only a portion of what the U.S. Government has faced for security breaches, the agency remains to house information that could greatly affect taxpayers and potentially lead to countless cases of identity theft if it is left unchecked. To add insult to injury, E-file vendors have had security issues as well that has resulted in many fraudulent tax return filings.

Getting the best cybersecurity workers to improve upon the overall structure of locking down sensitive data has never been an easy task. Granted, the IRS has worked overtime to improve their cybersecurity getting more than 2,000 security recommendations from the U.S. Government Accountability Office and the Treasury Department's inspector general. Among those recommendations, the IRS has implemented about 80% of them thus far in hopes to curtail security breaches and data leaks.

To give the IRS credit, there have been other government entities outside of the U.S. with much worse cybersecurity that resulted in the personal information of about 70 million people become compromised. The hacker group called Cyber Justice Team was responsible for leaking the data from many different Syrian government and private websites all collected from the Philippine Commission on the Elections (Comelec).

Fortunately, for the IRS, data breaches have been secluded acts and data leaked only accounted for hundreds of thousands of records instead of millions. However, with the IRS and their systems being hit with over a million malicious attempts each day to access data, their cybersecurity infrastructure must be iron clad.

Have the recent cybersecurity changes that the IRS has made, such as moving away from passwords and using access cards, changing passwords on some of its servers every 90 days, and providing online security training to new contractors, potentially made the IRS more secure? It's a question we will keep asking ourselves throughout this year's tax season in hopes that everyone's information is kept safe.