The CIA logo in the lobby of CIA Headquarters in Langley, Va. Photo: SAUL LOEB/AFP via Getty Images

Systematic security failures at an elite CIA hacking unit helped lead to the biggest information breach in the agency’s history, according to a partially declassified CIA report provided to Sen. Ron Wyden’s office.

Details: The 2017 report, first reported by the Washington Post, is a postmortem on the 2016 breach, conducted by the CIA’s WikiLeaks task force.

  • WikiLeaks revealed the data leak, known as Vault 7, in early 2017. Vault 7 revealed operations and exploits conducted and developed by the CIA’s Center for Cyber Intelligence, which houses the agency’s elite hackers.

What it says: “CIA has moved too slowly to put in place the safeguards that we knew were necessary given successive breaches to other U.S. Government agencies,” the report states.

  • The lack of “user monitoring” and other audit capabilities meant the CIA was unaware of the breach until WikiLeaks had actually published documents from the stolen tranche.
  • If a traditional nation-state adversary had stolen the information, and kept its possession of it secret, the CIA might still not know that its data had been breached at such a massive scale, says the report.

By the numbers: Between 180 gigabytes and 34 terabytes of information were pilfered, says the report, “roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word.”

  • This is a huge range that reveals just how much uncertainty exists within the CIA over the extent of the damage.

The state of play: In 2018, U.S. prosecutors charged Joshua Schulte, a former CIA employee, of being WikiLeaks’ source for the Vault 7 leaks.

  • In March, Schulte’s trial ended in a hung jury, though he was convicted of lesser charges.
  • Prosecutors plan on retrying Schulte on espionage-related charges.

Go deeper

The hacking of Iran's hackers

Illustration: Aïda Amer/Axios

An Iranian cyber operations front organization that’s a target of new U.S. sanctions was itself the victim of an attack that looted its own hacking tools and dumped them on the internet two years ago.

Driving the news: Last week, amid increasing tensions between Washington and Tehran, the Treasury Department announced major new Iran-related sanctions targeting cyber operators working for Iranian intelligence. The sanctions targeted 45 individuals affiliated with Iran’s Ministry of Intelligence and Security (MOIS), Tehran’s main civilian intelligence agency.

Obama: The rest of us have to live with the consequences of what Trump's done

Photo: Joe Raedle/Getty Images

Campaigning for Joe Biden at a car rally in Miami on Saturday, Barack Obama railed against President Trump's response to the coronavirus pandemic, saying "the rest of us have to live with the consequences of what he's done."

Driving the news: With less than two weeks before the election, the Biden campaign is drawing on the former president's popularity with Democrats to drive turnout and motivate voters.