A cyber-security audit performed by the Office of the Inspector General found that 'unacceptable vulnerabilities' exist in the US Secret Service's (USSS) information security systems.
The audit was conducted after the Secret Service improperly accessed and disclosed information about US Representative Jason Chaffetz (R-Utah), chairman of the House Committee on Oversight and Government Reform.
It uncovered several problems, such as inadequate system security plans (SSP), access and audit controls, and privacy protections, as well as non-compliance with logical access requirements and over-retention of records.
According to the report, the problems occurred because the USSS had not consistently made IT management a priority.
The USSS allegedly failed to update its IT policies or train its personnel to successfully perform their duties.
The report also highlighted that the USSS has little room for error in its primary mission of 'protecting the president, other dignitaries and events, and investigating financial [crimes] and cyber-crimes to help preserve the integrity of the nation's economy.'
The USSS' cyber-security documentation was often incomplete, leading to confusion as to how responsibilities were allocated and who was performing what functions.