Gaping holes in computer security at the Internal Revenue Service could expose taxpayers' personal information to a hacker, a disgruntled agency employee or a private contractor, warned a watchdog's report that found IRS controls "weak:”

The report released by the Treasury Inspector General for Tax Administration said the IRS is plagued by security breaches that compromise security in an age of rampant identity theft.

"We are very concerned that authorization and authentication controls are weak on devices as sensitive as routers and switches;” read the report. "A disgruntled employee, contractor or hacker could reconfigure routers or switches to disrupt computer operations and steal taxpayer information in a number of ways:'“

While investigators did not pinpoint any specific the report suggested that the compromised security could allow someone to gain access to sensitive information without detection. Prior studies said such problems existed for years.

The review found the IRS authorized 374 accounts for employees and contractors that could be used to perform system administration duties. But of those, 141 either had expired authorization or had never been properly authorized.

IRS officials said they have already taken action, including locking employee use accounts after 45 days of inactivity and removing accounts after 90 days without use. It also said it would eliminate unauthorized or unnecessary shared accounts.

But to some taxpayer advocates the report was the most recent installment in episodic critiques. "It's only the latest indictment in a string of IRS information technical problems;” said Peter Sepp, vice president for communication at the National Taxpayers Union in Washington. "Not only has this agency stumbled in implementing modern data processing, but it has opened its records to security issues for a number of years:”