Inspector General Patrick O’Carroll Jr. said the Social Security Administration’s information security program and practices were generally consistent with the requirements of the Federal Information Security Management Act. “These weaknesses could result in losses of confidentiality, integrity and availability of SSA information systems and data,” he said. In an internal penetration test, examiners seized control of an SSA network running a Microsoft Windows operating system and obtained many records containing personally identifiable information. In addition, auditors noted concerns related to the identification and monitoring of high-risk programs.”]
Source: https://www.cuinfosecurity.com/ig-social-security-systems-data-at-risk-a-5320