The U.S. tax agency needs to ramp up its oversight of third party cybersecurity practices or it risks exposing taxpayers to identity theft fraud or disclosing their sensitive information, the Government Accountability Office warns.
In a report to the ranking member of the House Committee on Ways and Means, GAO said the IRS is bound by federal laws that protect taxpayer return information. Generally, those laws don’t encompass the paid tax return preparers and tax preparation software providers that help Americans with their tax returns.
“If these third parties do not properly secure taxpayers’ information, it may be vulnerable to theft or unauthorized use,” GAO said.
More specifically, cyber criminals could set their sights on these third parties to steal taxpayer data and then use that to commit identity theft refund fraud or other types of financial crimes.
To prevent that from happening, GAO made eight recommendations to the IRS commissioner. Among them: create a governance model to coordinate the IRS’ efforts to safeguard taxpayer information while at third party providers, and require tax software providers to comply with information security controls.