Investigators posing as IRS computer help desk personnel were able to
persuade 60% of Service employees they contacted to change their
password to one the investigator suggested, a violation of IRS computer
security rules. The findings by the Treasury Inspector General for Tax
Administration (TIGTA) echoed those of a similar test by TIGTA in 2001,
when 71% of employees contacted breached password security. In a retest
in 2004, only 35% of employees contacted did so. In the latest check,
only eight of the 102 employees approached reported the request as
suspicious; such reporting is a requirement under IRS computer security
protocols. The IRS will remind employees of potential threats and
conduct its own, more extensive test during fiscal 2008.
