Federal agencies fall short on data breaches, GAO report says

The number of data breaches reported by government agencies more than doubled in a four-year period.

Federal agencies are not doing enough to guard against data breaches and protect personally identifiable information (PII) from falling into the wrong hands, according to a report released Wednesday by the Government Accountability Office (GAO).

Noting that the number of data breaches reported by government has more than doubled in just four years to 25,566 incidents, the GAO report said that as a collector of large amounts of PII, government has an obligation to adequately protect it and respond quickly when breaches occur.

But the latest GAO research found that those organizations fell short on both counts. Between 2009 and 2013, the number of incidents involving PII swelled by more than 140 percent and government was the target of some high-profile attacks. Laptops stolen from the home of a Veterans Administration employee exposed PII on roughly 26.5 million veterans while more recently, hackers obtained information about 104,000 people from a Department of Energy system.

The study follows earlier reports — the latest in December scrutinizing the IRS, SEC, Department of the Army and five other agencies — that the organizations are uneven in addressing eight components of a mandated information security program and fail to adequately implement specific security controls. And, in fact, they are challenged by a wide range of attacks. While the largest number of incidents was non-cyber in nature, 16 percent were a result of malware and 19 percent were due to policy violation, the GAO study said.

GAO Director of Information Security Issues Gregory Wilshusen revealed the results of the study, "Information Security: Federal Agencies Need to Enhance Responses to Data Breaches," in testimony before the Senate Committee on Homeland Security and Government Affairs, just a day after Federal Trade Commission (FTC) Chairwoman Edith Ramirez outlined the FTC's aggressive pursuit of private companies for failing to "provide reasonable protections for consumers' personal information."
