Source: Treasury Inspector General for the Tax Administration, May 18, 2010
The Internal Revenue Service (IRS) provides its taxpayer data to contractors who store and process the data at their own facilities in support of the IRS’ mission of tax administration. The IRS did not have effective processes to identify all contractors with IRS taxpayer data that require annual security reviews by the IRS and did not ensure computer security weaknesses identified at contractor facilities during security reviews have been corrected. As a result, taxpayer data may be at risk for unauthorized access or disclosure.