Justice's Weak ADP Security Compromises Sensitive Data
T-IMTEC-91-6: Published: Mar 21, 1991. Publicly Released: Mar 21, 1991.
Additional Materials:
- Full Report:
Contact:
(202) 512-6418
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
GAO discussed the Department of Justice's (DOJ): (1) recent sale of surplus computer equipment that was later found to have highly sensitive data; and (2) continuing exposure to similar breaches of security. GAO noted that DOJ: (1) showed patterns of neglect and inattention in ensuring information security nationwide; (2) was unable to provide it with such basic factual information as the total number of employees in the U.S. Attorneys' Offices nationwide; and (3) could not be trusted to safely secure sensitive data.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: DOJ reports that it identified all excessed, lost, and stolen storage media and no damage was ascertained. Departmental and component procedures for disposal of magnetic media were reviewed and updated as needed.
Recommendation: Because of the seriousness of this situation and the possibility of loss of life, the Attorney General should immediately identify all computer equipment designated surplus by DOJ components and determine whether it contained sensitive data.
Agency Affected: Department of Justice
Status: Closed - Implemented
Comments: DOJ reports that it identified all excessed, lost, and stolen storage media and no damage was ascertained.
Recommendation: Because of the seriousness of this situation and the possibility of loss of life, the Attorney General should immediately ensure that every DOJ component that may have compromised sensitive data immediately prepare a damage assessment of the impact of the compromise on carrying out its mission and on the identity of such people as witnesses, confidential informants, and undercover agents.
Agency Affected: Department of Justice
Status: Closed - Implemented
Comments: In his 1991 Internal Control Report dated December 28, 1991, the Attorney General designated automatic data processing security as a material weakness under FMFIA and a high-risk area.
Recommendation: The Attorney General should report the compromise of sensitive data and various security deficiencies as a material internal control weakness under the Federal Managers' Financial Integrity Act (FMFIA), and discuss the actions that will be taken to correct these weaknesses.
Agency Affected: Department of Justice
Status: Closed - Implemented
Comments: OMB is designating computer security at DOJ as a high-risk area.
Recommendation: The Director, Office of Management and Budget (OMB), should designate computer security at DOJ as a high-risk area.
Agency Affected: Executive Office of the President: Office of Management and Budget
Explore the full database of GAO's Open Recommendations
»
Jan 19, 2021
-
Federal Rulemaking:
Selected EPA and HHS Regulatory Analyses Met Several Best Practices, but CMS Should Take Steps to Strengthen Its AnalysesGAO-21-151: Published: Dec 17, 2020. Publicly Released: Jan 19, 2021.
Jan 13, 2021
-
Department of Energy Contracting:
Improvements Needed to Ensure DOE Assesses Its Full Range of Contracting Fraud RisksGAO-21-44: Published: Jan 13, 2021. Publicly Released: Jan 13, 2021.
Dec 16, 2020
-
Data Governance:
Agencies Made Progress in Establishing Governance, but Need to Address Key MilestonesGAO-21-152: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
Dec 9, 2020
-
2020 Census:
The Bureau Concluded Field Work but Uncertainty about Data Quality, Accuracy, and Protection RemainsGAO-21-206R: Published: Dec 9, 2020. Publicly Released: Dec 9, 2020.
Dec 3, 2020
-
2020 Census:
Census Bureau Needs to Assess Data Quality Concerns Stemming from Recent Design ChangesGAO-21-142: Published: Dec 3, 2020. Publicly Released: Dec 3, 2020. -
2020 Census:
Census Bureau Needs to Ensure Transparency over Data QualityGAO-21-262T: Published: Dec 3, 2020. Publicly Released: Dec 3, 2020.
Nov 30, 2020
-
Federal Buying Power:
OMB Can Further Advance Category Management Initiative by Focusing on Requirements, Data, and TrainingGAO-21-40: Published: Nov 30, 2020. Publicly Released: Nov 30, 2020.
Nov 24, 2020
-
Disaster Response:
Agencies Should Assess Contracting Workforce Needs and Purchase Card Fraud RiskGAO-21-42: Published: Nov 24, 2020. Publicly Released: Nov 24, 2020.
Nov 23, 2020
-
Federal Contracting:
Actions Needed to Improve Department of Labor's Enforcement of Service Worker Wage ProtectionsGAO-21-11: Published: Oct 29, 2020. Publicly Released: Nov 23, 2020.
Nov 18, 2020
-
Federal Telework:
Key Practices That Can Help Ensure the Success of Telework ProgramsGAO-21-238T: Published: Nov 18, 2020. Publicly Released: Nov 18, 2020.
Looking for more? Browse all our products here