Top State Department Staff Used Personal Email to Send ‘Sensitive’ Data

Personal accounts at risk for ‘data loss, hacking, phishing, spoofing of email accounts’

State Department / AP
• August 31, 2015 12:00 pm


Senior State Department officials at the U.S. Embassy in Japan have been caught sending "sensitive" information over personal email accounts, subjecting the information to potential hacking attacks and other cyber threats, according to a new report by the department’s inspector general.

Embassy staff, including the U.S. ambassador to Japan, were found to conducted "official business" via their personal email addresses, highlighting an issue of concern among national security experts and officials in the wake of disclosures about Hillary Clinton’s email habits during her tenure as secretary of state.

The use of personal email among Obama administration officials has raised concerns about the protection of sensitive data, which could be stolen by hackers and foreign governments.

The State Department’s inspector general conducted "a review and confirmed that senior embassy staff, including the Ambassador, used personal email accounts to send and receive messages containing official business," according to the August report, which had been until recently marked as "sensitive" but unclassified.

Further investigations revealed "instances where emails labeled Sensitive but Unclassified were sent from, or received by, personal email accounts," leaving the information potentially vulnerable to hackers and other cyber criminals.

The disclosure comes in the wake of revelations that the department has been subjected to hacking attacks on a nearly daily basis.

There are multiple "risks associated with using commercial email for official government business," according to the report.

In Clinton’s case, classified information was sent from a private email account over personal email servers. Clinton is now under investigation by the FBI, which has seized the Democratic presidential candidate’s private server in order to discover whether laws were broken as a result of this practice.

In all cases, including Clinton's and the use of private email accounts among U.S. Embassy in Japan staff, the risks of this behavior "include data loss, hacking, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information," according to the report.

"The Department of State has not addressed security problems, including vulnerabilities which the Office of Inspector General identified in previous inspection " the report said.

The use of a private email account to conduct official business—particularly in cases where sensitive or classified data is sent—violates the State Department’s official policy.

"Department policy is that employees generally should not use private email accounts (for example, Gmail, AOL, Yahoo, and so forth) for official business," according to the inspector general. "Employees are also expected to use approved, secure methods to transmit Sensitive but Unclassified information when available and practical."

The inspector general additionally found that the embassy is wasting millions of dollars.

The report identifies "$122,665 in cost savings and $2,331,787 in funds put to better use."

Earlier this year, Steve Linick, the State Department’s inspector general, disclosed to lawmakers that the agency’s internal computer networks are subject to frequent hacking attacks. In some cases, the networks have been breached, prompting security concerns.

Other top officials, in testimony before Congress, have revealed that U.S. government networks "are attacked every day, thousands of times a day."

Between the internal security flaws and the tendency among State Department officials to use personal email accounts, many in Congress have raised concerns about the vulnerability of sensitive U.S. government information.

Sen. David Perdue, (R., Ga.), who has long pressed the State Department to implement greater cyber safeguards, told the Washington Free Beacon that the Obama administration is not working hard enough to protect its internal government networks.

"Recent data breaches of U.S. cyber networks should prompt all government officials to strengthen communication security," Perdue said. "This Inspector General report indicates systemic issues across the State Department, specifically in email communications."

"As Chairman of the subcommittee charged with overseeing State Department operations, I will continue to advocate for greater oversight to ensure these common-sense IG recommendations are implemented," he added. "National security and safeguarding sensitive government information must always be a top priority."

Published under: Cyber Security, State Department