According to
"As a result, IRS is at increased risk of unauthorized disclosure, modification or destruction of financial and taxpayer information," said Gregory Wilshusen, director of GAO’s information security issues.
However, the IRS has made progress in some areas including implementing controls for user IDs and improving physical protection for its procurement system.
The GAO is asking the IRS to identify individuals with significant security responsibilities for specialized training and enhance their oversight of contractors to ensure everyone is complying with security policies.
Acting IRS Commissioner Linda Stiff responded to the GAO’s report by claiming "there is significant work to be accomplished to address our information security deficiencies and we are taking aggressive steps to correct previously reported weaknesses."
this article form the Associated Press, the IRS has only fixed only 29 out of 98 security weaknesses in its information security controls. It is taking them longer then expected to fix the problem because they have not yet fully implemented an agency-wide information security program. This stands to threaten the security of thousands of taxpayer’s detailed financial data.