Cyber security expert: is 'just bad all around and continues to get worse'

This is a rush transcript from "On the Record," January 16, 2014. This copy may not be in its final form and may be updated.

GRETA VAN SUSTEREN, FOX NEWS HOST: This is a FOX News alert. The ObamaCare website is 100 percent not secure. Your personal information can get hacked. has gotten worse.


DAVID KENNEDY, CEO, TRESTEDSEC: Nothing has changed since the November 19th testimony. In fact, since the November 19th testimony it's even worse.


VAN SUSTEREN: Remember this from last November? Well, cyber security experts warning Congress the ObamaCare website poses a great security risk.


UNIDENTIFIED CONGRESSMAN: Do any of you today think today that the site is secure?






VAN SUSTEREN: Today, the experts back in front of the same House committee. So what do they have to say about now? Any improvement?


KENNEDY: is not secure today and nothing has really changed since the November 19th testimony. In fact, from our November 19th testimony, it's even worse. I don't understand how we are still discussing whether or not the website is insecure or not. It is. There is no question about that.


KENNEDY: It's insecure, absolutely, 100 percent.


VAN SUSTEREN: Security expert David Kennedy joins us.

I don't whether to ask you 100 percent insecure or that it has even got worse. I don't know which is a more appalling statement. Let me first start with 100 percent insecure. No question about it?

KENNEDY: No question. In fact, I was worried this last time around when I did my testimony that it was just going to be me coming out of the security researcher. I engaged multiple other security researchers that are really well known to look at this. They all came back and said this is not good, it's bad, it's 100 percent bad, and this is the type of things we see for security breaches. So, as of now, 100 percent really bad.

VAN SUSTEREN: You say it's gotten worse. How could it get worse from November?

KENNEDY: We had October 1st deadline, which they rolled it out, and the website itself was really bad, unstable, everything else. What they did is they jammed a whole bunch of servers in there. They had a whole bunch of guys behind the keyboards programming really fast to keep the site up and stable. And they introduced new code, new vulnerabilities, new exposures. Other security researchers also started looking at this website and found a whole slew of additional issues that are with the website. It's just bad all around and continues to get worse.

VAN SUSTEREN: Sort of interesting today is that Whalen Crush (ph), who was there, he was the one who sort of seemed like he thought there had been improvement, but then the interesting thing, if you go to his Twitter account, which the is extraordinary thing, he said, "World's greatest hacker calls security shameful." That's what he tweets.

KENNEDY: It was interesting. Whalen had an interesting swag about him, I guess. He was very much on the side of, you know, we don't know enough information about it. For me personally, I have done this for 14 years, I did it for the NSA, the United States Marine Corps, I did it for the private sector. When you see something like this and you see the systemic issues, there's a much larger problem on the inside. And it's something that we really need to look at and address. It's bad.

VAN SUSTEREN: So personal information includes financial?

KENNEDY: Well, there's portions of that. They are adding the credit card functionality soon. Right now, personal information is first name, last name, email address, Social Security number, as well as the integration into the IRS and DHS, which contains all of your tax information and financial information, as well as what DHS has on you. Basically, your whole online profile can be accessed through the data hub.

VAN SUSTEREN: And your health information?

KENNEDY: Health information isn't actually on the website. But it integrates into the other state exchanges. So the California state exchange or the New York state exchange. So they have integration pieces into those. This is the focal point. As an attacker, I would go after, this compromise, hack this, and from there, have access into all the different agencies, the different government entities as the state level and federal.

VAN SUSTEREN: You say it's 100 percent. It doesn't seem like it can get much worse. How easy is it to hack into it?

KENNEDY: These types of attacks that we are seeing, the things that -- the vulnerabilities that we identify and expose are rudimentary basic hacks. It's not like it would take somebody extremely sophisticated to break into this site.

VAN SUSTEREN: It's really bad.

KENNEDY: It's really bad.

VAN SUSTEREN: All right.

KENNEDY: And the problem is they don't have to disclose it. There's no federal law saying you have to disclose it, any personal information being leaked, except the House passed that bill last Friday to disclose within a 48-hour period, but it's probably not going to make it to the Senate.

VAN SUSTEREN: In your wildest dreams, would you ever sign up on

KENNEDY: Absolutely not. And I would be extremely terrified if I had family members doing it as well.

VAN SUSTEREN: David, thank you very much.

KENNEDY: Thanks, Greta.