VA OIG 19-06125-218 | October 17, 2019
From the Executive Summary:
The OIG team found that veterans’ sensitive personal information was left unprotected on two shared network drives, where it was accessible to VSO officers who did not represent those veterans. Senior Office of Information and Technology (OIT) representatives told the team that other authenticated network users with access to the shared drives also could have accessed that information regardless of their business need. The OIG determined that mishandling this sensitive personal information was a national issue because the problem was not limited to the Milwaukee VARO. Authorized users, regardless of their location, who remotely connected to VA’s network could have had access to the same shared network drives.
You can access the full report below or on the Veterans Administration site (pdf)
VAOIG-19-06125-218h/t, NextGov