CIA data loss to WikiLeaks exposed insufficient security practices at the intelligence agency

A newly released government report revealed that the CIA was operating with multiple internal security failures that were left unchecked until it lost significant amounts of classified data and cyber tools to the website WikiLeaks in 2017.

In March 2017, WikiLeaks announced it had acquired the cyber tools, which the site called "Vault 7." They were promptly released. According to the report, released Tuesday, the announcement was the first time the CIA discovered the data loss had occurred.

The report claims that the Center for Cyber Intelligence (CCI), which is the CIA office from which the tools were stolen, "had prioritized building cyber weapons at the expense of securing their own systems."

The report also notes that sensitive cyber weapons were not adequately protected, employers shared administrator-level passwords, and historical data was available to all users. Additionally, there was no contingency plan for what the office would do if the tools were exposed or taken. 

"These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security," reads the report.

Sen. Ron Wyden (D-Oregon), a senior member of the Senate Intelligence Committee, requested the report after it was used by prosecutors during the trial of Joshua Adam Schulte, the software engineer who is suspected of leaking CIA secrets, including "Vault 7," to WikiLeaks.