The audit conducted by the Office of the Treasury Inspector General for Tax Administration (TIGTA) discovered that IRS employees, including managers, are not complying with the basic computer security practice of protecting their passwords.

TIGTA conducted a sting operation, convincing 61 out of 102 IRS employees contacted by telephone to disclose their usernames and temporarily change their passwords to ones TIGTA suggested. Applying TIGTA’s “success” rate of 60%, Baucus said that almost 60,000 of the IRS’s 100,000 employees and contractors are susceptible to computer hackers, putting untold amounts of personal taxpayer information at risk for unauthorized disclosure, theft and fraud.

“Despite repeated warnings, IRS workers continue to show reckless disregard for computer security," Baucus remarked. "Continued failure in this area is leaving millions of American taxpayers vulnerable to identity theft and other fraudulent schemes. Every IRS employee should take personal responsibility for protecting confidential taxpayer information. The IRS must take this problem more seriously and take aggressive steps to ensure that all employees understand and carry out security requirements.”

The audit was initiated as part of TIGTA’s statutory requirement to annually review the adequacy and security of IRS technology. The overall objective of the review was to evaluate the susceptibility of IRS employees to attempts by hackers to gain access to IRS systems.