From the U.S. Government Accountability Office, www.gao.gov Transcript for: IRS & Taxpayer Data: Critical Weaknesses in Security Description: The Internal Revenue Service (IRS) has implemented access controls and other safeguards to help mitigate risks to taxpayer information, but continuing weaknesses pose a risk. Since fiscal year 2010, GAO has made 451 recommendations to IRS aimed at safeguarding taxpayer information. IRS has implemented many of these recommendations; however, 77 recommendations have not been implemented as of March 2023. GAO is making 15 additional recommendations that could help IRS better manage system security risks, implement safeguards to ensure protected service delivery, and identify cybersecurity events and incidents. Related GAO Works: GAO-23-105395. Security of Taxpayer Information: IRS Needs to Address Critical Safeguard Weaknesses Released: September 2023 [ GAO's Jessica Lucas-Judy, Director, Strategic Issues, speaking ] [ Jessica Lucas-Judy: ] Your tax returns are filled with sensitive personal and financial data, which you expect the IRS to protect. However, recent disclosures of sensitive taxpayer data have made headlines. IRS employees and contractors are supposed to complete several related training courses on cybersecurity information safeguards and more. But we found that contractors' training completion rates are significantly lower than those of employees. There were also gaps in contractor oversight, including IRS's monitoring of contractors' rates of unauthorized access or disclosure of taxpayer data. [ GAO's Jennifer Franks, Director, Information Technology & Cybersecurity, speaking ] [ Jennifer Franks: ] Also, IRS relies on several outdated information systems and hasn't yet completed an inventory of all the systems that contain sensitive taxpayer data. So in addition to the cybersecurity concerns we found, there may be some taxpayer data in IT systems that the IRS hasn't even accounted for. Since fiscal year 2010, GAO has made 451 recommendations to the IRS. Of those, 77 had not been implemented as of March 2023. [ Jessica Lucas-Judy: ] In this report, we're making 15 additional recommendations and one matter for Congress to consider to help mitigate risks to taxpayers' personal and financial information. [ Jennifer Franks: ] For more information, visit GAO.gov. [ End ] For more info, check out our report GAO-23-105395 at: GAO.gov