IRS loses 500 laptops, exposes 2000 people

By Justin Mann on April 6, 2007, 9:27 PM
The situation with identify theft and fraud isn't getting any better, especially when an institution that has access to as much financial information as the IRS loses 500 laptops. Surprisingly, the loss of that many machines exposed very few people, relatively. However, 2000 people were still put at risk, with many laptops stolen directly from the IRS. From 100 tested, 44 of them were found to have data that was not only sensitive, but unencrypted as well.

How can a government agency as powerful as the IRS not only lose so many machines, but have so lax policies and apparently no enforcement of what policies do exist to protect data? It's a sad situation, and it doesn't seem to be getting any better. You can protect your data and your identity all you want but what if the institutions you trust don't? Apparently, the IRS became aware of these problems four years ago, but didn't begin fixing them until just last year.

User Comments: 7

Got something to say? Post a comment
shl0791 said:
how come the title says "IRC" when the rest of the article says "IRS"? I'm confused. I thought the Inter Relay Chat system lost 500 lappys.
Julio said:
Oops... thanks!
phantasm66 said:
Why do people need to carry around customer's / client's personal details and stuff on their laptop anyway? Surely records should be on a database in a datacenter. If you need remote access to that datbase you connect from the laptop via VPN, and then use a web application to access the data, which is using SSL. Am I missing something? I just can't understand these stories about lots of consumer details getting leaked because a laptop was lost... what was the data doing on the local hard drive to begin with?
PanicX said:
It's absurd at best. The only inclination I can conjure up is some sort of background caching that the laptops are performing, so that the employee can still work when unplugged. Such as Outlook's feature to cache your mailbox off the exchange server. Perhaps customers use a web form that emails their information to a local exchange box; said box is then cached locally on user's PC and vulnerable to theft. I've no idea what the case really is here and I agree that no information should be stored locally that's sensitive. Its a fundamental lack of common sense on the IRS's part.
phantasm66 said:
I think the likely explanation is that people are copying confidential data, unencrypted, onto their laptops because ITS EASIER FOR THEM to do so, rather than use VPN or even dial-up if that is the only option open to them.If I was IT directory of a company and someone took confidential data away, unencrypted on a portable device, I would sack them.
ravisunny2 said:
Did you mean Director ?
phantasm66 said:
[b]Originally posted by ravisunny2:[/b][quote]Did you mean Director ?[/quote]Indeed I did, yes.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.