The Treasury Department's Inspector General for Tax Administration has released a report on the Internal Revenue Service and found that 490 laptops had been reported stolen between January 2, 2003 and June 13, 2006. Unfortunately, because reporting procedures for stolen laptops were often not followed, there isn't a real way to know whether this number is accurate. "As a result, it is likely that sensitive data for a significant number of taxpayers have been unnecessarily exposed to potential identity theft and/or other fraudulent schemes," writes Michael Phillips, the author of the report. The IRS currently has more than 47,000 notebooks in operation, and has no doubt used many more than that over the last few years. The report does not suggest that the agency try to cut losses to zero, but instead that it take better precautions.
Inspectors found that "a large number of the lost or stolen IRS computers contain similar unencrypted data," and that employees routinely used flash drives, CDs, and DVDs to cart unencrypted data around with them. The report also points out that physical security is important. 111 laptops were stolen right out of IRS facilities and many of the remaining laptops were stolen out of vehicles or employee homes. The problems even extended to off-site data backups, where backup media were often unsealed and open to anyone in the building. IRS management has agreed with the findings of the Inspector General and has pledged to implement the report's recommendations. The report does note, however, that the IRS was warned about unencrypted data back in 2003 but did not take "adequate corrective actions."
News source: Ars Technica