Report: IRS protected taxpayer data during flood

A recent audit of the Internal Revenue Service's response to flooding last summer at its Washington headquarters found that while officials protected taxpayer data satisfactorily, it took several days for them to set up a system to track computers that were removed from the building.

From the start of the "rare tropical deluge" that soaked the agency's headquarters the evening of June 25, 2006, the building was adequately protected by security guards, the report from the Treasury Inspector General for Tax Administration stated. The storm left the building's sub-basement under more than 20 feet of water, and the basement under five feet.

Taxpayer data stored in the basement and damaged in the flooding was properly protected and disposed of, the IG found.

The IRS spent about $50,000 on overtime to quickly set up a temporary computer infrastructure for the 2,200 agency employees displaced after the flooding, the report stated. The building did not reopen until Dec. 6. All displaced employees had computer service a month after the disaster, and the IRS did not request additional funding, according to the IG.

But while auditors commended the IRS' overall efforts, they found that the agency did not begin tracking computers that were removed from headquarters in a timely manner.

Everyone entering the building after the flood to retrieve personal items, files or computers was required to sign in and out, but the agency's incident management plan did not include procedures for recording the location of computer equipment. It took five days for IRS officials to implement an asset-tracking process, the report noted.

On June 30, the IRS also mandated that computer equipment had to stay put unless officials moved the items such as desktop computers, laptops and servers under controlled and secure conditions.

But in the days before these procedures were established, there was the potential for mix-ups, the IG found.

For example, seven servers that the wage and investment division used were removed three days after the flooding began without the approval of the agency's Modernization and Information Technology Services organization, which was responsible for restoring the building's computer infrastructure.

After discovering that the servers were stored overnight in a non-IRS building, IT officials ordered them to be moved to an IRS facility.

On June 28 and June 29, the criminal investigation division's computer staff moved 41 computer servers from the building, using a rental truck. Division officials told the IG that computer assets were always under the division's control and were secure at all times.

The tracking policies established five days after the flood required employees to retroactively document the items they removed from the building, the IG said. That resulted in 148 employees reporting that they took 104 computers from the building between June 26 and June 29. In total, employees removed 627 computers, including 464 laptop computers.

An IRS records inventory for the building as of Aug. 15 showed that nearly half the servers assigned to the headquarters building had not been scanned or modified after the flood, the report stated. While it is likely that many of these servers remained inside the building, the auditors said they could not be sure because of the lag before the asset-tracking system was in place.

Officials with IRS' agencywide shared services division agreed with the findings and said they have implemented the auditors' only recommendation, which was to include an asset-tracking system in all IRS building incident management plans.

The audit is the first of three TIGTA reports requested by the Senate Finance Committee on this incident.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.