"IRS computers are still running the 13-year old Microsoft (MSFT) Windows XP operating software which Microsoft stopped supporting a year ago with security updates. Even the agency’s fraud-catching software is two decades old. The outdated software may have played a role in the breach the IRS announced last week in which thieves hacked into the agency’s online service and gained access to more than 100,000 taxpayer accounts.
The criminals used personal data obtained from other sources, including Social Security numbers, street addresses and dates of birth to get into the IRS’ “Get Transcript” service. The service was subsequently shut down. The thieves gained access to tax returns and other tax information on file with the IRS.
IRS Commissioner John Koskinen has said budget cuts have kept the service from upgrading, telling Congressional members that “we still have applications that were running when John F. Kennedy was president.”
The news comes as cold comfort to the tens of thousands of Americans who have had their identity stolen as a result of filing their taxes. And, the breaches can be no surprise to the IRS itself which has been warned repeatedly by the Government Accountability Office over limited security controls. In the most recent report, the GAO found 69 potential problems, including weak employee passwords.
The tax reporting agency is embroiled in several scandals. The agency used its powers to delay or deny non-profit status applications by groups with “tea party” and “patriot” in their names, an overreach of power that has led to a criminal investigation by the agency’s inspector general. Further, its aggressive hounding of small businesses, including seizing bank accounts of businesses the agency suspects of involvement in criminal activity was halted because of complaints late last year."