According to testimony given by Gregory C. Wilshusen, Director of Information Security Issues for the Government Accountability Office to United States Senate Committee on Homeland Security and Governmental Affairs that, and I quote, "most major federal agencies had weaknesses in major categories of information security controls." In other words, some government agency data security functions more like a sieve than a lockbox. . . .
Some of the data the GAO presented was deeply disturbing. For example, the number of successful breaches doubled since 2009. Doubled. There's also a story inside this story, which I'll discuss later in the article. Almost all of the press reporting on this testimony got the magnitude of the breach wrong. Most reported that government security incidents numbered in the thousands, when, in fact, they numbered in the millions.
Government and Media Incompetence Puts Americans' Data at Risk
In a chilling, but not especially surprising, report at ZDNet, David Gerwitz reveals that incompetence in government has led to a doubling of the number of information security breaches over the last five years, and that incompetence in the media has led to reporting that understates the extent of these breaches by an order of magnitude. Excerpt: