WASHINGTON — Vulnerability tests conducted at the U.S. Department of Transportation revealed that employees’ personal information and other sensitive documents are at risk because of ineffective IT safeguards, according to a federal watchdog.

By using publicly available administrator account credentials, auditors at the department’s Office of Inspector General were able to gain unauthorized access to printers used by employees at DOT’s Federal Highway Administration, according to OIG’s report published on Wednesday.

That access allowed investigators to see all kinds of personal information that employees had previously printed, scanned or faxed, including marriage licenses, medical billings and prescriptions, employee last wills and testaments, tax documents, bank account statements, home addresses, and Social Security numbers.

As part of its testing of uncredentialed access, the OIG also found that no authentication had been required from an unsecured conference room, which “allowed us to traverse from the FHWA intranet to the FAA intranet,” the agency stated in the report.



