IRS’ Outdated App Security Leaves Taxpayers at Risk of Identity Theft, Watchdog Says
A recent audit by the Treasury Inspector General for Tax Administration (TIGTA) concluded that many of the IRS’ web applications that people can use to pay taxes or access tax-related services are relying on outdated security controls.
In order to properly secure taxpayers, the apps should incorporate the National Institute of Standards and Technology’s (NIST) 2017 framework for digital identity verification. However, the security mechanisms built into IRS apps have not been updated since then and still follow the NIST’s previous framework from 2013. Cybercriminals can take advantage of these outdated security controls in order to steal the identity of taxpayers and to commit numerous other crimes.
This is very worrisome since “the IRS has become a target of criminals and identity thieves” according to TIGTA, precisely because its applications “collect, process, and store large amounts of taxpayer data.”