WASHINGTON, April 2 (Reuters) - Federal agencies have a spotty record of handling of data breaches, which can include the theft of sensitive information like Social Security numbers, financial data and health history, the investigative arm of the U.S. Congress said in a report issued on Wednesday.
The number of such incidents involving personal data more than doubled in 2013, to 25,566 from 10,481 in 2009, the Government Accountability Office said. That total included both cyber crime and non-cyber breaches.
Incidents have ranged from the highly-publicized theft in 2006 of a laptop and external hard drive belonging to the Veterans Affairs Department that contained personal data on 26.5 million veterans and active duty members of the military, to the hacking of a Federal Aviation Administration computer that contained data on 45,000 agency employees and retirees.
Of the agencies whose breaches were analyzed by the GAO, only the Internal Revenue Service consistently calculated how much personal information was at risk in the incidents, and only the IRS and the U.S. Army documented how many people may have been affected, the report said.
Further, only the Army and the Securities and Exchange Commission notified the people whose data may have been exposed.
None of the federal agencies consistently offered credit monitoring services to the affected individuals, the report added. (Reporting by Diane Bartz, editing by Ros Krasny and G Crosse)