The Government Accountability Office called on Congress to expand the authority of the Internal Revenue Service to monitor and coordinate third-party providers to secure sensitive financial and taxpayer information more effectively against cyber threats. Nearly 90 percent of people file their taxes every year using commercial software or a paid tax return preparer. GAO issued a new report on Thursday highlighting that IRS is failing to properly monitor its service providers to protect financial information.
“Some of these third parties may not know how to keep your information safe,” GAO said. “Also, IRS doesn't have the same information security requirements for all software companies or for all paid preparers, so taxpayer information isn't consistently protected from hackers.”
Between 2017 and 2018, IRS reported increased high-risk security incidents, including hackers trying to access third-party provider systems. GAO said the agency lacks explicit authority to regulate security of systems used by paid preparers or Authorized e-file Providers. IRS has also failed to regularly update security, privacy and business standards since 2010 and its monitoring efforts has a limited focus on cybersecurity issues.