Significant security gaps in how the FBI labels, stores, and disposes of decommissioned electronic storage media were discovered in an audit by the Department of Justice's Office of the Inspector General, reports SecurityWeek.
While such devices contain sensitive law enforcement and classified national security information, appropriate classification labels were only applied by the FBI on servers and computers, not on the media extracted from them, as well as small flash drives, according to the OIG report, which also noted the lack of proper tracking for internal hard drive devices.
All of the internal hard drives extracted by the FBI have also been left exposed on a pallet in a facility without adequate security.
"The lack of inventory controls over the FBI's electronic storage media increases the FBI's risks of having thumb drives, disk drives, and hard drives or solid-state drives lost or stolen after they have been extracted from the larger electronic component, such as a laptop or a server," said the OIG, which urged the FBI to bolster its inventory of storage media devices for destruction.