The U.S. Department of Justice Inspector General has released a report of an audit of the Federal Bureau of Investigation (FBI) process for notifying victims of cyber incidents. The primary findings of the report include:
- Some unreliable data, including typographical errors
- Lack of controls to prevent input errors
- Exclusion of notifications from highly sensitive investigations
- Untimeliness of some notifications
- Questions as to the adequacy of the information provided by the FBI for remediation of the threats
The Inspector General made several recommendations for improvement, among them:
- For the FBI to clearly define what constitutes a victim of cybercrime for purpose of indexing victims and notifying them of their rights
- That the FBI establish timeliness standards for cyber victim notifications
- That the Department of Justice coordinate with the FBI’s Cyber Division and update guidelines for victim and witness assistance to incorporate the nuances of cyber victims
Read the Department of Justice’s press release here and the Inspector General’s 49 page audit report here. Contact us at Ossian Law P.C. regarding any information technology law matter.
© 2019 Ossian Law P.C.