Security failures led to biggest information breach in CIA history in 2016

• WikiLeaks revealed the data leak, known as Vault 7, in early 2017. Vault 7 revealed operations and exploits conducted and developed by the CIA’s Center for Cyber Intelligence, which houses the agency’s elite hackers.

What it says: “CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies,” the report states.

• The lack of “user monitoring” and other audit capabilities meant the CIA was unaware of the breach until WikiLeaks had actually published documents from the stolen tranche.
• If a traditional nation-state adversary had stolen the information, and kept its possession of it secret, the CIA might still not know that its data had been breached at such a massive scale, says the report.

By the numbers: Between 180 gigabytes and 34 terabytes of information were pilfered, says the report, “roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word.”

• This is a huge range that reveals just how much uncertainty exists within the CIA over the extent of the damage.

The state of play: In 2018, U.S. prosecutors charged Joshua Schulte, a former CIA employee, of being WikiLeaks’ source for the Vault 7 leaks.

• In March, Schulte’s trial ended in a hung jury, though he was convicted of lesser charges.
• Prosecutors plan on retrying Schulte on espionage-related charges.