The General Services Administration‘s inspector general has found that the 18F digital services organization experienced a data breach due to the use of systems that are not approved under GSA’s Information Technology Standards Profile.

GSA IG said in a management alert report issued Thursday that at least 100 GSA Google Drives have been exposed to external users since October 2015 because of OAuth 2.0.

18F employees use the authorization system to share files between Google Drive and the online messaging and collaboration application Slack.

The IG added that the breach potentially compromised personally identifiable information and contractor proprietary data to people outside GSA.

According to the report, an 18F surpervisor discovered the breach on March 4 and reported the vulnerability on Mar. 9 to the GSA senior agency information security officer.

OAuth 2.0 and Slack are not compliant with GSA Order CIO P 2160.1E, which requires the evaluation of IT products and services against the agency’s security, legal and accessibility needs to approve their use under the GSA IT standards profile, the report added.

GSA IG said 18F also failed to comply with the agency’s information breach notification policy, which requires personnel to report all uncovered or suspected breach of PII within an hour of discovery.

The report recommended for GSA to stop the use of Slack and OAuth 2.0 unless they are approved for use in the IT standards profile and to ensure 18F follows GSA Order CIO P 2160.1E.

A study by the National Telecommunications and Information Administration shows that Americans have begun limiting online activity due to concerns over the privacy and security of online services.

The U.S. Census Bureau surveyed over 41,000 households in support of NTIA’s push to acknowledge reported data breaches, cybersecurity and other incidents, NTIA policy analyst Rafi Goldberg wrote in a blog entry posted Friday.

Goldberg said NTIA works to urge policymakers to develop new strategies to address mistrust in Internet services and its effects on the economy and the free exchange of information online.

NTIA will continue analyzing the collected data as well as potential policies — including the deployment of encryption and other security measures — to aid trust-building efforts for Internet use and the flow of commerce and information online, he added.

NTIA also conducted several multistakeholder processes designed to update private sector online privacy and cybersecurity practices as well as other policies connected to the Internet of Things, Goldberg wrote.

A market intelligence analysis by immixGroup says the departments of Defense, Homeland Security and Commerce are the top three government spenders when it comes to cloud platforms based on their budget requests for fiscal year 2017.

DoD has requested $1 billion in funds to support cloud adoption efforts, while DHS and the Commerce Department plan to spend $200 million each on cloud implementation programs in FY 2017, immixGroup said Thursday.

The company noted in the report that there would be an increase in the adoption of cloud tools as the General Services Administration works to expedite the certification process for cloud service providers under the Federal Risk and Authorization Management Program.

The implementation of the Data Center Optimization Initiative will also drive cloud deployment, according to the analysis.

The report also mentioned that civilian agencies spend more on Infrastructure-as-a-Service and private cloud models, while DoD has allocated most of its cloud funds to IaaS and public cloud platforms.

Agencies cited outdated laws and lack of cloud-ready applications as challenges to cloud adoption, the analysis said.

The information technology personnel at the House of Representatives has cut lawmakers’ access to Google cloud-hosted software applications due to potential security threats, Reuters reported Wednesday.

Dustin Volz writes the House blocked devices used by legislators from gaining entry to the appspot.com domain, where Google hosts custom applications for use in congressional discussions.

The House implemented the ban on May 3 after FBI identified attempts to install ransomware onto the users’ computers through a trojan virus called BLT that the bureau discovered on appspot.com, according to Reuters.

Volz writes two individuals had already fallen victim to the malicious campaign after clicking on document email attachments, but the infected documents were recovered without paying ransom.

The ban on Google-hosted applications came on the heels of a restriction on Yahoo Mail after House authorities also warned of potential ransomware attacks through the service, NBC News reported Thursday.

Alex Johnson writes the third-party email attacks combine social engineering and phishing strategies to generate an infected email that appears to come from a trusted source.