We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency Readiness Team (US-CERT), National Institute of Standards and Technology, and HUD policy and other Federal requirements. However, we noted some areas of concern for safeguarding HUD information as well as suggested improvements for limiting the exposure of HUD’s information in the future.
The OIG has determined that the full contents of this memorandum would not be appropriate for public disclosure and have therefore redacted the contents as appropriate. Please contact the ISAD Director or Assistant Director to request a full copy of this memorandum.