DOJ watchdog: FBI not tracking whether all cyber crime victims were notified

The FBI’s system for notifying victims of cyber crimes was often faulty and failed to collect data on whether all victims were notified, the Justice Department’s Office of Inspector General found.

In a redacted report released Monday, the inspector general’s office found that the data in the program for tracking whether cyber victims had been notified, called Cyber Guardian, was “incomplete and unreliable, making the FBI unable to determine whether all victims are being notified.”

The audit also found that the Department of Homeland Security was not adding information about the victims into the system, creating an incomplete picture of who had been alerted to being hacked.


“Together, the inconsistent leads and Indexing contributed to some notifications not being tracked properly or taking place too long after the attack for the victim to effectively mitigate the threat to its systems,” the report stated.

The audit found that while victims of cyber crimes were sent notification letters, the same practice wasn’t applied to victims in cyber cases tied to national security, “resulting in many victims that are not informed of their rights” under Department of Justice (DOJ) guidelines.

Several victims also told the office that they were notified too late to take any meaningful action to resolve the cyber vulnerabilities or hacks.

The audit noted that a new system, called CyNERGY, is being created to replace Cyber Guardian. While the report stated that the new system should address some issues, “other concerns will remain without additional fixes,” like a cyber unit to handle inputting data into the system.

The Office of Inspector General issued 13 recommendations as a result of the audit, including making sure that all cyber victim notifications are tracked and that all victims are informed of their rights under DOJ regulations.

The office said in a press release that DOJ had agreed to all of the recommendations.