Agencies are handling data breaches inconsistently, GAO finds.
Agencies need to be more consistent in responding to data breaches involving personal information, according to a Jan. 8 Government Accountability Office report.
GAO said that while the Office of Management and Budget had identified a key set of practices, agencies were inconsistent in using them.
The Army, the Veterans Affairs Department and the Federal Deposit Insurance Corporation also had not documented how they had determined risk levels for their systems. The Army also did not have parameters for offering assistance to those affected by breaches.
Agencies also said reporting the number and types of incidents to the Department of Homeland Security — as required by law — provided few benefits to agencies working to prevent future attacks.
The number of data breaches involving personal information has climbed from about 10,000 in 2009 to more than 22,000 in fiscal 2012, according to DHS data.
Hackers stole personally identifiable information this summer on more than 104,000 Energy Department employees, family members and contractors, according to an inspector general report warning this kind of attack could recur.