IRS says states must encrypt electronic tax records - WTOC-TV: Savannah, Beaufort, SC, News, Weather & Sports

IRS says states must encrypt electronic tax records


It didn't take the Internal Revenue Service long to set the record straight after Governor Nikki Haley put the responsibility of the security breach on the Department of Revenue computer system on what she described as lax IRS standards.

Governor Haley has presided over the public relations effort of one of the largest cyber attacks of any government agency in the history of the United States.

Now, less than a month after going public with news of a hacker stealing the personal information of more than 4 million taxpayers and businesses, Haley's Department of Revenue chief resigned. And the governor has shifted blame to the federal government.

"When you combine the fact that we had 1970 equipment, combined with the fact that we were IRS compliant...[it]was a cocktail for an attack," said Haley. "And, the reason why I say that is because the IRS, which we were compliant with, does not believe you have to encrypt Social Security numbers."

The IRS responded early Wednesday, refuting the governor's claim. 

In an e-mail, IRS spokeswoman Michelle Eldridge wrote:

"Protecting taxpayer data is our top priority at the IRS. We have many different systems with a variety of safeguards -- including encryption -- to protect taxpayer data. The IRS has in a place a robust cyber security of technology, people and processes to monitor IRS systems and networks.

We work closely with the states to ensure the protection of federal tax data. We have a long list of requirements for states to handle and protect federal tax information. Just as importantly, we expect the states to follow the standards of the National Institute of Standards and Technology. 

We just received the letter from Gov. Haley, and we will be reviewing it."

Haley's claims about the IRS came within minutes Tuesday of admitting the state and the revenue department didn't do enough to protect taxpayer data.

"We had two vulnerabilities," said Haley. "One was that we had no dual verification to get into the system, the second one was that the encryption of the Social Security data wasn't there."

"We should go above and beyond," Haley continued. "I want to make it very clear -- we didn't do enough and we should go above and beyond to make sure that we do."

The governor says she's meeting with the state's congressmen to have the IRS require encryption in its standards. But the IRS says that's already on the books.

Copyright 2012 WIS.  All rights reserved.

Powered by Frankly