More than 100 Google Drives belonging to the General Services Administration (GSA), which houses sensitive information for federal agencies across government, were breached, a government watchdog reported Friday.
Federal officials using two unauthorized technologies left the Google Drives “accessible to users both inside and outside of GSA during a five-month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information” the agency’s inspector general wrote.
GSA discovered the 100 online storage systems were breached March 4, but didn’t report the incident until five days later. Agency guidelines requires such hacks to be reported within one hour. (RELATED: Security Slips At NY Federal Building In City Where ISIS Attack Was Recently Thwarted)
GSA conducts a wide array of support functions for agencies across government, such as managing building contracts and security. (RELATED: Thousands Of US Buildings Unsafe From Terror 8 Years After Deadly Warnings)
The report did not disclose how many files each Google Drive held. Each storage system can hold up to 15 gigabytes for free, though more space can be purchased.
The drives became accessible through the agency official’s use of Slack – an online messaging application – and OAuth 2.0 – an authentication process. Both systems are unauthorized by the agency.
“Once identified, we corrected the issue immediately and initiated an internal review that did not identify any data breaches,” a GSA spokeswoman told The Daily Caller News Foundation. “Additionally, we made our user community aware of the issue to ensure they operate in a manner consistent with our [information technology] policies.’
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.