The nation's dedicated tax-collecting agency raised eyebrows about five years ago when it discovered more than 2,300 of its computers had gone AWOL. (For the record, all but 300 of them were considered old enough to be worthless, and about 1,600 were subsequently located, officials said at the time.)
A recent audit report indicates the Internal Revenue Service's woes in that area haven't gone away. Internal inspectors found that "at least" 490 computers--including 13 desktop machines--were lost or pilfered in 387 separate incidents between January 2003 and June 2006. (As of last July, the IRS had assigned 47,000 laptop computers to its some 100,000 employees.)
"If lost or stolen, taxpayer data can be used for identity theft and/or other fraudulent purposes," said a report released late last month by the Treasury Inspector General for Tax Administration.
Acknowledging incomplete information, investigators determined that about 126 of the incidents "contained sufficient details to show that personal information for at least 2,359 individuals was involved." For 179 incidents, they ruled out involvement of taxpayer data.
The report said employees likely could have prevented some of the episodes by locking up their machines, both at home and in IRS facilities--where 111 of the reported incidents occurred.
The auditors also found that laptop security was lax. Of 100 computers tested by the inspectors, 44 contained unencrypted "sensitive" data, including information about taxpayers and IRS personnel. Backup data stored on portable media at four offsite locations visited by the inspectors were also unencrypted and insufficiently protected from physical intrusion.
Just last week, the Government Accountability Office at the tax-collecting agency. Agency officials responding to both reports said they have already begun taking steps to remedy the problems and continue to do so.
Lest anyone believe the IRS is the lone offender in this area, that reported earlier this year that 160 of its laptops had been lost or stolen over a 44-month period. And last September, the Department of Commerce reported 1,138 lost, stolen or missing laptops since 2001--249 of which contained what would be considered sensitive information about individuals.