Report: IRS protected taxpayer data during flood

A recent audit of the Internal Revenue Service's response to flooding last summer at its Washington headquarters found that while officials protected taxpayer data satisfactorily, it took several days for them to set up a system to track computers that were removed from the building.

From the start of the "rare tropical deluge" that soaked the agency's headquarters the evening of June 25, 2006, the building was adequately protected by security guards, the report from the Treasury Inspector General for Tax Administration stated. The storm left the building's sub-basement under more than 20 feet of water, and the basement under five feet.

Taxpayer data stored in the basement and damaged in the flooding was properly protected and disposed of, the IG found.

The IRS spent about $50,000 on overtime to quickly set up a temporary computer infrastructure for the 2,200 agency employees displaced after the flooding, the report stated. The building did not reopen until Dec. 6. All displaced employees had computer service a month after the disaster, and the IRS did not request additional funding, according to the IG.

But while auditors commended the IRS' overall efforts, they found that the agency did not begin tracking computers that were removed from headquarters in a timely manner.

Everyone entering the building after the flood to retrieve personal items, files or computers was required to sign in and out, but the agency's incident management plan did not include procedures for recording the location of computer equipment. It took five days for IRS officials to implement an asset-tracking process, the report noted.

On June 30, the IRS also mandated that computer equipment had to stay put unless officials moved the items such as desktop computers, laptops and servers under controlled and secure conditions.

But in the days before these procedures were established, there was the potential for mix-ups, the IG found.

For example, seven servers that the wage and investment division used were removed three days after the flooding began without the approval of the agency's Modernization and Information Technology Services organization, which was responsible for restoring the building's computer infrastructure.

After discovering that the servers were stored overnight in a non-IRS building, IT officials ordered them to be moved to an IRS facility.

On June 28 and June 29, the criminal investigation division's computer staff moved 41 computer servers from the building, using a rental truck. Division officials told the IG that computer assets were always under the division's control and were secure at all times.

The tracking policies established five days after the flood required employees to retroactively document the items they removed from the building, the IG said. That resulted in 148 employees reporting that they took 104 computers from the building between June 26 and June 29. In total, employees removed 627 computers, including 464 laptop computers.

An IRS records inventory for the building as of Aug. 15 showed that nearly half the servers assigned to the headquarters building had not been scanned or modified after the flood, the report stated. While it is likely that many of these servers remained inside the building, the auditors said they could not be sure because of the lag before the asset-tracking system was in place.

Officials with IRS' agencywide shared services division agreed with the findings and said they have implemented the auditors' only recommendation, which was to include an asset-tracking system in all IRS building incident management plans.

The audit is the first of three TIGTA reports requested by the Senate Finance Committee on this incident.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.


When you download a report, your information may be shared with the underwriters of that document.