The U.S. Secret Service has done little to fix database vulnerabilities that allowed agents to improperly access and leak personal information about House Oversight and Government Reform Chairman Jason Chaffetz, according to a follow-up report by the Homeland Security Office of Inspector General released Friday evening.
“Today’s report reveals unacceptable vulnerabilities in Secret Service’s systems,” Inspector General John Roth said in a statement. “While Secret Service initiated IT improvements late last year, until those changes are fully made and today’s recommendations implemented, the potential for another incident like that involving Chairman Chaffetz’ personal information remains.”
Last year, agents obtained and leaked information about the Utah congressman’s failed attempt to join the service in 2003. The Secret Service agents had attempted to get back at Chaffetz for launching probes into the agency’s conduct and efficiency. Approximately 18 members took screenshots of the embarrassing records about Chaffetz and, at the direction of a supervisor, leaked the information to the media.
An initial audit into the attacks on Chaffetz found on 60 separate occasions, 45 Secret Service employees accessed database information about Chaffetz — the majority of whom violated the Privacy Act in doing so.
DHS OIG had responded with an investigation into the Secret Service’s information technology systems and recommended various changes to protect private information from being accessed by all employees.
But in today’s report, “USSS Faces Challenges Protecting Sensitive Case Management Systems and Data,” DHS OIG said there are still a “myriad of problems” in the service’s IT system.
“The OIG concluded that Secret Service’s IT management was ineffective because Secret Service has historically not given it priority. The Secret Service CIO’s Office lacked authority, inadequate attention was given to updating IT policies, and Secret Service personnel were not given adequate training regarding IT security and privacy,” the report stated.
The Office of Inspector General has made 11 new recommendations in addition to those made last year. Chaffetz chimed in Friday, demanding the agency’s employees be required to use Personal Identity Verification cards in order to access networks and systems. The Secret Service has agreed to take the recommended corrective actions.
