The number of federal government data breaches involving personal identifiable information such as Social Security numbers and patient health data has more than doubled since 2009, according to a report released Wednesday by the Government Accountability Office. For the report, GAO officials examined how federal agencies handle data breaches. Specifically, GAO reviewed data breaches reported to the U.S. Computer Emergency Readiness Team by several federal agencies.
You might think this was an April Fool’s gag, except it was published on April 2nd, not April 1st. According to testimony given by Gregory C. Wilshusen, Director of Information Security Issues for the Government Accountability Office to United States Senate Committee on Homeland Security and Governmental Affairs that, and I quote, “most major federal agencies had weaknesses in major categories of information security controls.” In other words, some government agency data security functions more like a sieve than a lockbox. Some of the data the GAO presented was deeply disturbing. For example, the number of successful breaches doubled since 2009. Doubled. There’s also a story inside this story, which I’ll discuss later in the article.