Americans’ Personal Info Has Been Left Vulnerable To Theft By Several Federal Agencies

Americans’ personal information has been left vulnerable for the past ten years by several federal agencies, according to a report from the Senate Permanent Subcommittee on Investigations released Tuesday.

The subcommittee spent 10 months investigating multiple federal agencies: the Departments of State, Homeland Security (DHS), Health and Human Services (HHS), Transportation (DOT), Education, Agriculture (USDA), Housing and Urban Development (HUD), and the Social Security Administration (SSA), according to The Hill.

Seven of the agencies they had investigated for 10 months had failed in providing adequate protection for Americans’ personal information, the report found. Six of those agencies hadn’t installed specific defenses against cyberattacks quickly enough, and all eight of the agencies investigated did not use “legacy systems,” which left them open to even more cyber attacks.

The DHS, DOT, USDA and HHS did not address cybersecurity weaknesses that had been identified over 10 years ago. DHS is tasked with fighting cyberattacks. The SSA has cybersecurity issues that could result in over 60 million Americans’ personal information being released, The Hill reported.

This report also noted that the Department of Education hasn’t been able to protect itself against unauthorized devices connecting to its network. This issue dates back to 2011, and although they have since have limited access to 90 seconds, it is still too much time, the Inspector General (IG) stated.

“Hackers with malicious intent can and do attack federal government cyber infrastructure consistently. In 2017 alone, federal agencies reported 35,277 cyber incidents,” said Rob Portman, the Republican subcommittee Chairman, according to The Hill. “Yet our federal agencies have failed at implementing basic cybersecurity practices, leaving classified, personal, and sensitive information unsafe and vulnerable to theft.”

Cyber attack threats have grown in recent years. The U.S. approved of cyberattacks against Iran last week after stopping a military attack, and the city of Baltimore was held up by a huge cyber attack in May.

The U.S. experienced the largest hacking of an American government agency in 2015 after a hacker breached the Office of Personnel Management and exposed sensitive information of over 21 million people. A year before, the United States Postal Service had a digital breach that released over 800,000 former and current postal employees, including Social Security numbers.

All agencies were recommended to have progress reports regarding how they would be fixing cybersecurity issues included in budget justifications given to Congress, the report read.