Cybersecurity shortcomings at the Interior Department put employees’ sensitive personal information at risk of unauthorized access, the department’s watchdog agency warned in a report made public Monday.
While acknowledging some security improvements have been made, Interior’s Office of Inspector General disclosed that its white-hat hackers were able to “exfiltrate” — in other words, steal — more than a gigabyte’s worth of data from the department’s cloud storage over the course of a week.
Office of Inspector General
“Our tests succeeded because the department failed to implement security measures capable of either preventing or detecting well-known and widely used techniques employed by malicious actors to steal sensitive data,” the OIG reported.
The evaluators further noted that the department has “never conducted regular required tests of the system’s controls for protecting sensitive data from unauthorized access” during the time cloud storage has been utilized. The potential consequences of data theft or leakage could be dramatic.