In October 2014, online criminals breached the U.S. Department of the Interior and accessed the Office of Personnel Management's databases to steal sensitive personal information on more than 22 million current and former federal employees. The Department did not discover the breach until April 2015.
Recently, the Office of the Inspector General (OIG) of the Interior Department issued a report stating that the organization still has gaps in its cybersecurity. The report found that the incident response program of the Office of the Chief Information Officer (OCIO) was unable to identify "some of the most basic threats from inside the enterprise network." As a result, the organization could not address threats quickly, which left their systems vulnerable for months at a time.
For example, the OIG investigation found that a U.S. Geological Survey (USGS) employee exposed his organization to malware by watching pornography on an agency workstation. The employee's computer was infected with Russian malware that was attempting to communicate with command and control websites in Russia. Jory Heckman "IG: Interior Dept. computer infected with malware after employee surfed porn sites," federalnewsradio.com (Apr. 09, 2018).