Oversight head: Hackers would hit mother lode at Education Department

Getty Images

House Oversight Committee Chairman Jason ChaffetzJason ChaffetzClinton fails to contain the damage from email leaks Trump backers lack Ryan alternative GOP lawmaker who compared Trump to Mussolini will vote for him MORE (R-Utah) is warning that a hack on the Department of Education would dwarf last year’s massive breach at the Office of Personnel Management.

“Almost half of America’s records are sitting at the Department of Education,” Chaffetz said at a Brookings Institution event on Thursday. “I think ultimately that’s going to be the largest data breach that we’ve ever seen in the history of our nation.”

The Department of Education's cybersecurity practices have been in the spotlight since a November Inspector General (IG) report found widespread deficiencies.

The agency also received an F grade on a federal scorecard that ranks agencies on the implementation of four key provisions of the Federal Information Technology Acquisition Reform Act (FITARA), which was enacted in December 2014.

Oversight lawmakers lambasted the department for its poor cybersecurity during a November hearing, hitting the agency for a failure to heed repeated warnings from the IG that its information systems are vulnerable to hackers.

The IT practices of federal agencies have been under fierce scrutiny in the wake of the devastating breach of the Office of Personnel Management that was revealed last spring. The agency was widely seen as having “left the barn door open” from a data security perspective, allowing hackers to pilfer the records of 21.5 million federal employees and others.

Chaffetz said Thursday that part of the the problem at the Education Department is the sheer volume of systems used by the agency to collect and manage data — 184 in total, according to the November IG report.

The agency relies heavily on a large number of different contractors to manage its systems and of those variously managed 184 systems, the Inspector General found 33 percent contained expired or missing information.

“We found that while the Department made progress in strengthening its information security programs, weaknesses remained and the Department-wide information systems continued to be vulnerable to security threats,” the report said.

The agency holds roughly 139 million Social Security numbers and manages the portfolio of over 40 million federal student loan borrowers holding over $1.18 trillion in outstanding debt obligations.

“We’ve been talking a lot about the breach at the Office of the Personnel Management, where we lost data on 22 million people,” Chaffetz said during the hearing. “Here, we’re talking about more than $1 trillion in student loans and data on more than 100 million Americans, and it’s not secure by any definition.”