A Senate report claims that multiple federal agencies left the personal information of American citizens unsecure and susceptible to theft.
Here's what we know
According to a report by the Senate Permanent Subcommittee on Investigations which was released on Tuesday, the State Department, the Department of Homeland Security, the Department of Health and Human Services, the Department of Education, the Department of Agriculture, the Department of Housing and Urban Development, the Department of Transportation, and the Social Security Administration all used outdated "legacy systems" that failed to properly secure the personal information they contained.
This report was based on investigations by the Office of Inspector General at each department.
As just one example, the Department of Homeland Security used "unsupported operating systems for at least the last four years, including Windows XP and Windows 2003." DHS also failed to apply security patches to its operating systems for several years, leading to a risk of "significant data loss and system disruption, which hampers mission-critical DHS operations." The report noted that "DHS is the agency in charge of securing the networks of all other government agencies."
The Department of Agriculture "had 49 percent of critical and high vulnerabilities for more than two years, and some went unaddressed for over five years." Four of these agencies (the DHS, DOT, USDA, and HHS) were warned more than ten years ago that they needed to update their systems, but failed to comply.
In another disturbing revelation, an independent accounting firm hired by the State Department's inspector general found that the department "does not currently have the ability to scan their networks to detect rogue devices."
These departments were also reportedly lacking in the personnel needed to maintain their systems.