FBI failing to notify all cyber victims
The FBI’s system for notifying victims of cyber crimes was often faulty and failed to collect data on whether all victims were notified, the Justice Department’s Office of Inspector General found.
In a redacted report released Monday, the inspector general’s office found that the data in the program for tracking whether cyber victims had been notified, Cyber Guardian, was “incomplete and unreliable, making the FBI unable to determine whether all victims are being notified.”
The audit also found that the Department of Homeland Security was not adding information about the victims into the system, creating an incomplete picture of who had been alerted to being hacked.
“Together, the inconsistent leads and Indexing contributed to some notifications not being tracked properly or taking place too long after the attack for the victim to effectively mitigate the threat to its systems,” the report stated.
The audit found that while victims of cyber crimes were sent notification letters, the same practice wasn’t applied to victims in cyber cases tied to national security, “resulting in many victims that are not informed of their rights” under DOJ guidelines.
Several victims also told the office that they were notified too late to take any meaningful action to resolve the cyber vulnerabilities or hacks.