Management Implication Report: Failure to Follow Agency Procedure to Report Cyber Incident

The U.S. Environmental Protection Agency's Office of lnspector General has identified a failure to follow Agency procedure—specifically EPA Classification No. CIO 2150-P-08.2, EPA Information Procedure, Information Security – Incident Response Procedures—concerning reporting and response requirements for cybersecurity incidents. The failure to follow this procedure occurred after EPA employees were notified of a potential data breach of EPA information related to the EPA Facility Registry Service, or FRS.

This report resulted from an investigation, rather than an audit or evaluation project.

Report Materials

OIG Independence of EPA

The EPA's Office of Inspector General is a part of the EPA, although Congress provides our funding separate from the agency, to ensure our independence. We were created pursuant to the Inspector General Act of 1978, as amended.

Environmental Protection Agency  |  Office of Inspector General
1200 Pennsylvania Avenue, N.W. (2410T)  |  Washington, DC 20460  |  202-566-2391
OIG Hotline: 1-888-546-8740.

Office of Inspector General

Contact the Office of Inspector General
Contact the Office of Inspector General to ask a question, provide feedback, or report a problem.
Last updated on October 20, 2025