Justice and Law Enforcement:

Justice's Weak ADP Security Compromises Sensitive Data

T-IMTEC-91-6: Published: Mar 21, 1991. Publicly Released: Mar 21, 1991.

Contact:

Howard G. Rhile, Jr
(202) 512-6418
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO discussed the Department of Justice's (DOJ): (1) recent sale of surplus computer equipment that was later found to have highly sensitive data; and (2) continuing exposure to similar breaches of security. GAO noted that DOJ: (1) showed patterns of neglect and inattention in ensuring information security nationwide; (2) was unable to provide it with such basic factual information as the total number of employees in the U.S. Attorneys' Offices nationwide; and (3) could not be trusted to safely secure sensitive data.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: Because of the seriousness of this situation and the possibility of loss of life, the Attorney General should immediately identify all computer equipment designated surplus by DOJ components and determine whether it contained sensitive data.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: DOJ reports that it identified all excessed, lost, and stolen storage media and no damage was ascertained. Departmental and component procedures for disposal of magnetic media were reviewed and updated as needed.

    Recommendation: Because of the seriousness of this situation and the possibility of loss of life, the Attorney General should immediately ensure that every DOJ component that may have compromised sensitive data immediately prepare a damage assessment of the impact of the compromise on carrying out its mission and on the identity of such people as witnesses, confidential informants, and undercover agents.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: DOJ reports that it identified all excessed, lost, and stolen storage media and no damage was ascertained.

    Recommendation: The Attorney General should report the compromise of sensitive data and various security deficiencies as a material internal control weakness under the Federal Managers' Financial Integrity Act (FMFIA), and discuss the actions that will be taken to correct these weaknesses.

    Agency Affected: Department of Justice

    Status: Closed - Implemented

    Comments: In his 1991 Internal Control Report dated December 28, 1991, the Attorney General designated automatic data processing security as a material weakness under FMFIA and a high-risk area.

    Recommendation: The Director, Office of Management and Budget (OMB), should designate computer security at DOJ as a high-risk area.

    Agency Affected: Executive Office of the President: Office of Management and Budget

    Status: Closed - Implemented

    Comments: OMB is designating computer security at DOJ as a high-risk area.

    Jul 9, 2014

    May 14, 2014

    Apr 30, 2014

    Mar 26, 2014

    Jan 13, 2014

    Dec 9, 2013

    Dec 6, 2013

    Nov 20, 2013

    Oct 29, 2013

    Sep 25, 2013

    Looking for more? Browse all our products here