Shostack + Friends Blog Archive

 

FinCen (IRS), Potentially tens of thousands, Complacent Bureaucrats

fincen-badge.jpg
The U.S. tax agency — whose databases include suspicious activity reports from banks about possible terrorist or criminal transactions — launched the probe after the Government Accountability Office said in April that the IRS “routinely permitted excessive access” to the computer files.

The GAO team was able to tap into the data without authorization, and gleaned information such as bank account holders’ names, social security numbers, transaction values, and any suspected terrorist activity. It said the data was at serious risk of disclosure, modification or destruction.

“There is no evidence that anyone who was not authorized accessed the data outside the GAO,” said Sheri James, a spokeswoman for the Treasury’s Financial Crimes Enforcement Network (FinCEN), which is working with the IRS to address the concerns of the GAO, the investigative arm of Congress.

There’s also no evidence that the GAO investigators were detected. That raises the question, are drug dealers and terrorists tapping into this database, perhaps via the very capitalistic Russian organizations, and if they are, would FinCen have noticed?

It also raises the question of “Who’s going to get fired for this?”

Hah. Just kidding. We all know that failure to protect prole data doesn’t cost anyone anything.

(Reuters, thanks to Samablog [http://samablog.robsama.com/] for the pointer.)