More than 100 employees of the General Services Administration inadvertently exposed confidential data stored in Google Drives for a period of five months, the agency announced on Friday.
The vulnerability for employees of GSA’s 18F division began in October after an administrator integrated the drives with a service known as “Slack,” which allows users to chat and share documents.
“Upon discovering that this integration had been accidentally enabled, we immediately removed the Google Drive integration from our Slack,” the agency said in a Friday blog post. “Our review indicated no personal health information, personally identifiable information, trade secrets, or intellectual property was shared.”
Related Story: http://www.washingtonexaminer.com/article/2583035
The summation came shortly after the inspector general published a report revealing the incident, and also criticized the agency for waiting five days to report the vulnerability after its March 4 discovery.
“By delaying the reporting of the data breach by five days, GSA 18F staff failed to comply with the GSA Information Breach Notification Policy,” the OIG stated in its findings, which were dated May 12. The policy requires that vulnerabilities be reported to GSA’s IT chief within one hour.
GSA’s 18F division was created in 2014 to help provide digital services for the federal healthcare website, Healthcare.Gov. The agency is named eponymously for its main office at the intersection of 18th and F street in the northwest quarter of Washington, D.C., but retains additional staff in San Francisco, Chicago, New York, and Dayton.
