Critical Infrastructure Security, Identity

GAO warns SSA's cyber lapses threaten public trust

A report investigates how static, or hard to change personal data, like SSNs or dates of birth, are impacted by repeated breaches.

Biometric Update reports that the U.S. Government Accountability Office has issued a sharp critique of the Social Security Administration for its continued failure to address critical cybersecurity and IT management shortcomings, leaving millions of Americans' personal data at risk.

Despite repeated recommendations, SSA has not implemented key security measures such as advanced event logging mandated by the Office of Management and Budget in response to the SolarWinds breach. GAO warns that SSA's inability to detect or respond to cyber threats due to insufficient logging, outdated infrastructure, and improper access controls exposes its systems to potential breaches. Bureaucratic reshuffling under the Department of Government Efficiency has exacerbated the issue by displacing cybersecurity experts. Additional failures include poor tracking of software and telecom assets, weak cloud service agreements, and an underused fraud prevention tool. With SSA managing nearly $1.4 trillion in benefits annually, GAO stresses that continued inaction could compromise public trust and critical federal services.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds