[Clips] FINCEN's SARs: IRS probing possible data security breaches

R.A. Hettinga rah at shipwright.com
Fri Jun 24 20:09:24 EDT 2005 

--- begin forwarded text


 Delivered-To: clips at philodox.com
 Date: Fri, 24 Jun 2005 20:08:37 -0400
 To: Philodox Clips List <clips at philodox.com>
 From: "R.A. Hettinga" <rah at shipwright.com>
 Subject: [Clips] FINCEN's SARs: IRS probing possible data security breaches
 Reply-To: rah at philodox.com
 Sender: clips-bounces at philodox.com

 <http://reuters.myway.com/article/20050624/2005-06-24T203656Z_01_N24203433_RTRIDST_0_NEWS-SECURITY-USA-DATA-DC.html>

 My Way News

 IRS probing possible data security breaches

 Jun 24, 4:36 PM (ET)


  By Caroline Drees, Security Correspondent

 WASHINGTON (Reuters) - The Internal Revenue Service is investigating
 whether unauthorized people gained access to sensitive taxpayer and bank
 account information but has not yet exposed any privacy breaches, an
 official said on Friday.

 The U.S. tax agency -- whose databases include suspicious activity reports
 from banks about possible terrorist or criminal transactions -- launched
 the probe after the Government Accountability Office said in April that the
 IRS "routinely permitted excessive access" to the computer files.

 The GAO team was able to tap into the data without authorization, and
 gleaned information such as bank account holders' names, social security
 numbers, transaction values, and any suspected terrorist activity. It said
 the data was at serious risk of disclosure, modification or destruction.

 "There is no evidence that anyone who was not authorized accessed the data
 outside the GAO," said Sheri James, a spokeswoman for the Treasury's
 Financial Crimes Enforcement Network (FinCEN), which is working with the
 IRS to address the concerns of the GAO, the investigative arm of Congress.

 "The assessment remains ongoing at this time," James said.

 IRS officials were not immediately available for comment.

 FinCEN is responsible for administering the Bank Secrecy Act, under which
 banks must file suspicious activity reports on transactions they believe
 could be linked to money laundering or terrorism financing. The IRS stores
 this data for FinCEN.

 As their name suggests, these reports are filed based on suspicions, not
 necessarily proof, and the vast majority never lead to investigations or
 prosecutions.

 Unauthorized access to the information held by the IRS raises concerns
 about the privacy rights and civil liberties of innocent banking clients as
 well as ordinary taxpayers.

 >From October, when FinCEN rolls out a new computer system called BSA
 Direct, the agency will for the first time take control of all BSA data
 from filing to dissemination, which it hopes will significantly bolster
 data security.

 Taxpayer data will remain with the IRS, which the Treasury says is
 addressing its "computer security deficiencies."

 Concerns about privacy violations through weak computer security are
 mounting in the United States, where a string of companies this year have
 reported stolen or misappropriated customer data, including Bank of America
 Corp., ChoicePoint Inc. and Reed Elsevier .

 Since ChoicePoint announced in February that it mistakenly sold 145,000
 consumer profiles to a ring of identity thieves, dozens of other
 organizations, from banks to universities, have announced security breaches
 of their own.


 --
 -----------------
 R. A. Hettinga <mailto: rah at ibuc.com>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 _______________________________________________
 Clips mailing list
 Clips at philodox.com
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list