Federal investigators are chastising tens of thousands of Veterans Affairs employees for using an outside social media network for internal department conversations, in violation of professional and security protocols.
The relatively minor offenses drew new attention this week after reports of information leaks from hacks of federal accounts and the news that thousands of federal employees may have used their work accounts to enroll in an online adultery dating site.
At issue is VA's use of Yammer, a Windows application that bills itself as "your company's private social network."
As many as 50,000 VA workers may have used the tool over the past two years, even though the department had no formal approval policy for the network and no formal oversight to ensure sensitive information is not shared.
"We found Yammer users violated VA policy when they downloaded and shared files, videos, and images, risking malware or viruses spreading quickly from the site," states a report released this week by the VA Inspector General's office.
"We further found that Yammer regularly spammed and excessively emailed users," the report said, adding that "numerous user posts that were non-VA related, unprofessional, or had disparaging content that reflected a broad misuse of time and resources" also were discovered.
Employees interviewed said Yammer use began as a way to speed up internal communications, but for limited issues not involving patient or employee personal information. In June 2013, VA's former chief information officer held a chat forum on the platform, "giving the false impression that VA approved the use of Yammer.com," IG officials said.
In fact, VA officials have not approved use of Yammer for any department work, despite the large number of employees on the site.
The IG report details problems with the tool, including giving former employees access to potentially sensitive internal projects and no safeguards to prevent confidential information from being uploaded and shared.
The report also says repeated downloads of the application may have exposed VA networks to malware and hackers, given Yammer's "vulnerable security features."
Investigators have asked department leaders to formally approve or disapprove use of the application and set rules for participation. VA leaders said they will do so by Oct. 1.