How Safe is Taxpayer Data? -- Security Today

How Safe is Taxpayer Data?

By Hagai Schaffer
Feb 05, 2015

How Safe is Taxpayer Data? The Treasury Department's inspector general for tax administration stated that the IRS needs to boost its efforts to protect tax payer data, according to a report filed last October. The document states that the IRS does not take adequate measures to secure taxpayer information before sharing it with state exchanges created by Obamacare.

Having tax payer information at risk is nothing new.

Although the vast majority of employees are trustworthy, misuse of taxpayer information can result in legal liability, lost revenues and a tarnished reputation creating a major concern for tax agencies. There are 6000-8000 complaints on average filed each year against IRS employees for civic and criminal investigations according to the US Treasury Inspector General. In 2011 the IRS watchdog, Treasury Inspector General for Tax Administration (TIGTA) announced that 2,200 databases used by the IRS to manage and process taxpayer information were not secure.

As early as 1997, the Internal Revenue Service fired 23 employees, disciplined 349 and counseled 472 after agency audits found that government computers were being misused by employees to browse tax records of friends, relatives and celebrities.

More recently, data leakage has even been blamed for impacting the results of a presidential election. In 2012, Fox News reported that an anti-gay marriage group bent on banning same sex marriage in the U.S. accused the IRS of leaking tax documents that showed GOP presidential candidate Mitt Romney as a contributor.

In addition to leaking information, tax agency employees have ample opportunities for financial gain. Bogus claims can be filed to receive unemployment and other social benefits, and tax credits can be fabricated or artificially inflated to boost the size of tax refunds.

Last year the Justice Department charged 13 Internal Revenue Service employees with "brazenly stealing" over $250,000 in government benefits including unemployment insurance, food stamps, welfare, and housing vouchers. In 2012, an IRS employee claimed a non-existent school in South Carolina was attended by dozens of children to enable tax payers to receive larger tax refunds, and the previous year more than 100 IRS employees fraudulently claimed a first-time homebuyer tax credit.

Whistle blowing is one way to combat insider fraud, but it has its limitations. Many employees can be afraid of repercussions including poor performance reviews, receiving less favorable work conditions or even a possible termination.

There are several technologies available which can help detect misuse of taxpayer information. Data Leakage Prevention (DLP) solutions can identify when employees print sensitive documents, transfer data to USBs and external drives or email taxpayer information. However, these methods are usually more effective for unintentional data leakage. Employees who steal data intentionally can easily bypass DLP solutions by using a mobile phone to take pictures of data on a screen, or slightly altering the sensitive data before transmitting it, in addition to utilizing other methods.

One method for detecting intentional data leakage is to analyze log file data. This method detects when taxpayer data is changed or added but cannot detect users who browse tax payer records since log files don’t typically track when files are accessed but not edited.

A more effective approach to counteract intentional leakage is to monitor employee online activity by sniffing network traffic. In this case all user activity is monitored and analyzed including when they add, modify, browse or query taxpayer data. When behavioral analysis is performed on the captured data it can detect suspicious activity that shows intent to leak sensitive data, before any data is lost. If tax agencies can detect suspicious activity sooner, taxpayer data can be more secure.

As the US government relies more and more on online processes to provide basic services, personal data will be more susceptible to being breached. Based on pressure from citizens and other governmental authorities, tax agencies may lead the way to taking advanced measures to protect citizens’ privacy and assets.

Verkada Hits 25,000 Customers Globally
07/26/2024
IDIS Video Technology Provides Foundation For Indian Railways Growth Plans
07/19/2024
SIA, International Association of Professional Security Consultants Announce Partnership
07/19/2024
Empowering Boutique Security Companies to Play Big
07/16/2024
dormakaba Consolidates Sites and Opens New Hub and Production Facility in Montreal
07/15/2024
NAPCO Access Pro Sales Division Announces Personnel Changes
07/15/2024
RAD Joins ZeroNow as a Partner in Making Schools Safer
07/15/2024
Traka ASSA ABLOY Wins 2024 Red Dot Award for Touch Pro Series of Electronic Key Management Cabinets
07/01/2024

Featured

The Next Generation

Video security technology has reached an inflection point. With advancements in cloud infrastructure and internet bandwidth, hybrid cloud solutions can now deliver new capabilities and business opportunities for security professionals and their customers. Read Now
- IP Video
Help Your Customer Protect Themselves

In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information. Read Now
- Cybersecurity
Enhanced Situation Awareness

Did someone break into the building? Maybe it is just an employee pulling an all-nighter. Or is it an actual perpetrator? Audio analytics, available in many AI-enabled cameras, can add context to what operators see on the screen, helping them validate assumptions. If a glass-break detection alert is received moments before seeing a person on camera, the added situational awareness makes the event more actionable. Read Now
- Artificial Intelligence
Transformative Advances

Over the past decade, machine learning has enabled transformative advances in physical security technology. We have seen some amazing progress in using machine learning algorithms to train computers to assess and improve computational processes. Although such tools are helpful for security and operations, machines are still far from being capable of thinking or acting like humans. They do, however, offer unique opportunities for teams to enhance security and productivity. Read Now
- Artificial Intelligence

Webinars

Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems

Smart Buildings: Focus on Networking and Video Surveillance
The State of Safe Web Browsing in Enterprises Today
BriefCam

AI-Driven Video Analytics: The Foundation for Your Security Tech Stack

Whitepapers

Axis Communications, Inc.

Virginia School Security Grants
ASSA ABLOY

The evolution of data center security: Safeguarding critical assets in today’s data centers
Winsted Corporation

All-Star Lineup

New Products

PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3
4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3