via
My Way News with an assist from the omnipresent
Instapundit:
WASHINGTON (Reuters) - The Internal Revenue Service is investigating whether unauthorized people gained access to sensitive taxpayer and bank account information but has not yet exposed any privacy breaches, an official said on Friday.
The U.S. tax agency -- whose databases include suspicious activity reports from banks about possible terrorist or criminal transactions -- launched the probe after the Government Accountability Office said in April that the IRS "routinely permitted excessive access" to the computer files.
The GAO team was able to tap into the data without authorization, and gleaned information such as bank account holders' names, social security numbers, transaction values, and any suspected terrorist activity. It said the data was at serious risk of disclosure, modification or destruction.
I think it's safe to say (having actually worked in the computer security field for a while) that while we do know how to make sure sensitive information stored in computers stays reasonably secure (i.e. AES encryption, two-factor authentication, etc., etc.), it's expensive and complex, and most organizations seem to think it's simply not worth the effort.
Hey, guys and gals, it's worth the effort.