Report: IRS protected taxpayer data during flood

A recent audit of the Internal Revenue Service's response to flooding last summer at its Washington headquarters found that while officials protected taxpayer data satisfactorily, it took several days for them to set up a system to track computers that were removed from the building.

From the start of the "rare tropical deluge" that soaked the agency's headquarters the evening of June 25, 2006, the building was adequately protected by security guards, the report from the Treasury Inspector General for Tax Administration stated. The storm left the building's sub-basement under more than 20 feet of water, and the basement under five feet.

Taxpayer data stored in the basement and damaged in the flooding was properly protected and disposed of, the IG found.

The IRS spent about $50,000 on overtime to quickly set up a temporary computer infrastructure for the 2,200 agency employees displaced after the flooding, the report stated. The building did not reopen until Dec. 6. All displaced employees had computer service a month after the disaster, and the IRS did not request additional funding, according to the IG.

But while auditors commended the IRS' overall efforts, they found that the agency did not begin tracking computers that were removed from headquarters in a timely manner.

Everyone entering the building after the flood to retrieve personal items, files or computers was required to sign in and out, but the agency's incident management plan did not include procedures for recording the location of computer equipment. It took five days for IRS officials to implement an asset-tracking process, the report noted.

On June 30, the IRS also mandated that computer equipment had to stay put unless officials moved the items such as desktop computers, laptops and servers under controlled and secure conditions.

But in the days before these procedures were established, there was the potential for mix-ups, the IG found.

For example, seven servers that the wage and investment division used were removed three days after the flooding began without the approval of the agency's Modernization and Information Technology Services organization, which was responsible for restoring the building's computer infrastructure.

After discovering that the servers were stored overnight in a non-IRS building, IT officials ordered them to be moved to an IRS facility.

On June 28 and June 29, the criminal investigation division's computer staff moved 41 computer servers from the building, using a rental truck. Division officials told the IG that computer assets were always under the division's control and were secure at all times.

The tracking policies established five days after the flood required employees to retroactively document the items they removed from the building, the IG said. That resulted in 148 employees reporting that they took 104 computers from the building between June 26 and June 29. In total, employees removed 627 computers, including 464 laptop computers.

An IRS records inventory for the building as of Aug. 15 showed that nearly half the servers assigned to the headquarters building had not been scanned or modified after the flood, the report stated. While it is likely that many of these servers remained inside the building, the auditors said they could not be sure because of the lag before the asset-tracking system was in place.

Officials with IRS' agencywide shared services division agreed with the findings and said they have implemented the auditors' only recommendation, which was to include an asset-tracking system in all IRS building incident management plans.

The audit is the first of three TIGTA reports requested by the Senate Finance Committee on this incident.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.