The IG investigated two cloud-based systems that allow for file sharing and that contain personally identifiable information. Image: Mark Van Scyoc/Shutterstock.com
By: FEDweek StaffSensitive personal information on VA employees was accessible on two internal systems to users “who had no business need to access it” and some of that information should not have been on that system at all, an inspector general report has found.
In response to a hotline disclosure, the IG investigated two cloud-based systems that allow for file sharing and that contain personally identifiable information on employees as well as other “human resources paperwork such as interview questions and reference checks, performance awards” as well as personal information on veterans getting surgery.
Those systems are subject to laws and internal policies limiting users’ access to only those applications and data they need for their role in the organization. However, the audit found that the department “does not have adequate controls to prevent, detect, and correct inappropriately set permissions” for the systems. Issues included that systems administrators had a “lack of knowledge of the permissions for and content of the sites.”
Further, some of the information “should not have been hosted on the systems it was found on, as the information exceeded the systems’ security authorizations. The OIG determined this was a national issue because the hosting systems are cloud based and the information was observable by any authorized VA employee, regardless of location.”
The report said VA management concurred with recommendations including to ensure facilities and programs remove unauthorized sensitive personal information from collaborative application sites; mandate standardized training for administrators; put in place automated tools to detect and correct improper sharing; and more.
The report follows within days one citing similar risks of sensitive information on a shared drive at the GSA being exposed to employees—and in that case, to contractors as well—who did not have a business need to access that information.
Large Share of Federal Workforce about to Experience a Payless Pay Period
OPM Details Coverage Changes, Plan Dropouts for FEHB/PSHB in 2026
OMB Says Federal Workforce RIFs are Starting as Shutdown Drags On
Financial Impact of Shutdown Starts to Hit Home; WH Threatens No Back Pay
Surge of Retirement Applications Is in the Pipeline, Says OPM
See also,
TSP Takes Step toward Upcoming In-Plan Roth Conversions
5 Steps to Protect Your Federal Job During the Shutdown
Over 30K TSP Accounts Have Crossed the Million Mark in 2025
The Best Ages for Federal Employees to Retire
