GSA chat app exposed more than 100 Google drives

More than 100 employees of the General Services Administration inadvertently exposed confidential data stored in Google Drives for a period of five months, the agency announced on Friday.

The vulnerability for employees of GSA's 18F division began in October after an administrator integrated the drives with a service known as "Slack," which allows users to chat and share documents.

"Upon discovering that this integration had been accidentally enabled, we immediately removed the Google Drive integration from our Slack," the agency said in a Friday blog post. "Our review indicated no personal health information, personally identifiable information, trade secrets, or intellectual property was shared."

The summation came shortly after the inspector general published a report revealing the incident, and also criticized the agency for waiting five days to report the vulnerability after its March 4 discovery.

"By delaying the reporting of the data breach by five days, GSA 18F staff failed to comply with the GSA Information Breach Notification Policy," the OIG stated in its findings, which were dated May 12. The policy requires that vulnerabilities be reported to GSA's IT chief within one hour.