If you thought you couldn\u2019t like the Internal Revenue Service (IRS) any less, think again. For the past six years straight the IRS failed to install critical software fixes, let unauthorized people access accounting programs and didn\u2019t make sure contractors had received proper security training.\n\tAccording to a report from the Government Accountability Office (GAO), last year the IRS corrected just 29 of 105 previously reported weaknesses, or less than one third of the issues. And 13 of those 29 fixes had been done improperly or incompletely, the GAO reports.\n\tSpecific failures include:\n\t\n\t\tLack of controls for identifying and authenticating users, including requirements for strong passwords\n\t\n\t\tAccess to certain servers not appropriately restricted\n\t\n\t\tSensitive data transmitted without encryption\n\t\n\t\tLax physical access controls\n\n\tSo it's no surprise that last October the Treasury Inspector General for Tax Administration (TIGTA) said the top priority in its list of management challenges for the IRS this year was security of taxpayer data, including securing computer systems. That\u2019s not to say no action was taken to address the problem; the action just wasn't very thorough or effective. In addition to a partially-implemented IT security program, the IRS is also at risk due to known vulnerabilities from outdated and unsupported software, and shortcomings in system backups are placing data availability at risk, according to the GAO.\n\tBy the way, TIGTA put out a report Monday that said it was unable to confirm that 77 percent of the agency\u2019s new hires had been subjected to required background checks. Yikes.\n\tThe IRS is currently five years overdue for complaince with a federal cybersecurity law that says agencies must have department-wide programs that, among other things, train personnel to comply with security policies and test technical protections. I wonder if there\u2019s any sort of late fee or other penalty on that...\n\tDon\u2019t worry too much, though. In response to the report, the IRS agreed to develop a detailed corrective action plan to address the problems.