Education Department failed three out of four cybersecurity checks
Nearly 50% of Americans have personal information in the vulnerable database
November 23, 2015
The Department of Education's information systems are not secure—at least, that was the takeaway at Tuesday's House Oversight and Government Reform Committee meeting, reports Valerie Strauss for the Washington Post.
Both Republican and Democratic members of the committee questioned department CIO Danny Harris about vulnerabilities in the system, which has data for more than 40 million federal student loan borrowers and millions of others in different aid programs.
"Almost half the population of the United States of America has their personal information sitting in this database which is not secure," said Rep. Jason Chaffetz (R-Utah), referring to the 139 million unique social security numbers in the Education Department's central processing system.
Kathleen Tighe, the department's inspector general, testified that her team was able to infiltrate some department systems without detection. "We could have really done anything in there," she told the committee. "I am still concerned about the potential for breaches in the department."
Data breach exposes current, former, prospective students' records
The federal government recently issued a scorecard to assess how well federal agencies were implementing key areas of the Federal Information Technology Acquisition Reform Act. The Department of Education received three 'F's and one 'D' rating. Harris said the department should have received a 'C' grade, rating his confidence as a seven out of 10 that there would not be a system breach.
"I'm not going to suggest that we don't have a tremendous amount of work to do but I don't want the general public to think we are not secure," Harris said, also noting he expected the department to have vulnerabilities for the foreseeable future (Strauss, "Answer Sheet," Washington Post, 11/19).