"Until the Bureau implements a complete and comprehensive security program, it will have limited assurance that its information and systems are being adequately protected against unauthorized access, use, disclosure, modification, disruption, or loss," the report said.
The security deficiencies found at the agency aren't limited to the Census Bureau, Wilshusen said.
"What we found at the Census Bureau is not inconsistent with what we have identified in other agencies when we go in there the first time and examine their information security controls," he said. "We typically find these kinds of vulnerabilities and the extent of these types of vulnerabilities."
Sign up for CIO Asia eNewsletters.