U.S. lax Tax security 1,811 unauthorised webservers?

A report from the U.S. Treasury Inspector General for Tax Administration stated that a network scan by the IRS Computer Security Incident Response Center identified 2,093 potential web servers connected to the IRS network with at least one security vulnerability. When these results were compared with the IRS' web registration database, 1,811 connected web servers were found not to be authenticated to connect to the network.

An investigation found that 661 were used for legitimate agency business purposes, but it has not yet determined the purpose of more than a thousand others.

Of the 2,093 servers the center identified as vulnerable in a survey in March, 1,936 still had at least one security hole. Of those, 437 contained a high-risk vulnerability, compared with 540 servers in 2007. High-risk vulnerabilities include a weak or nonexistent password requirement or a so-called buffer overflow, a security hole that an attacker exploits by sending more information than a software program can store, allowing the hacker to take control of the server. The scan also identified 699 servers with moderate-risk vulnerabilities, a drop from the 1,101 servers found to have moderate-risk vulnerabilities in 2007.

They probably don't have much information worth pinching, do they? If they did, it's probably already out in the rather flooded black market for personal data.

IRS - 1800 W-I-D-E-O-P-E-N

