More than 11,000 federal staff had access to sensitive files, including White House floor plans and merchant bank information, due to a modern security lapse that spanned various years, according to a report by The Washington Post.
The breach, which began during the administration of former President Joe Biden and also involved the current administration of President Donald Trump, involved at least 15 files stored in a Google Drive folder managed by the General Services Administration ( GSA ).
Officials said the documents included potentially sensitive material such as proposed blast door designs for the White House Visitor Center and files marked as “controlled unclassified information ” ( CUI).
The documents were visible to the whole GSA workforce — over 11,000 workers— and some were customizable. The GSA has launched an internal inspection and a security incident report is underway.
The texting began in early 2021, during the tenure of former President Joe Biden, and continued until as late as last year. Internal examinations and a security incident review have since been launched.
“This kind of error is a challenge across all services, ” said Michael Williams, a Syracuse University professor who studies international protection. “These are definitely not files you want shared with 11,200 persons. ”
Although it ’s unclear whether the East and West Wing floor plans were fully classified, authorities say documents containing comprehensive layouts or embedded security system would usually be closely guarded. “Even if not fully classified, they may become restricted for obvious safety grounds, ” said Steven Aftergood, a previous security policy researcher with the Federation of American Scientists.
One of the earliest breaches occurred in March 2021 when a safety survey with East Wing blueprints was shared agency-wide. A similar incident followed involving the West Wing, which includes the Oval Office, Situation Room, and Cabinet Room. These files reportedly remained accessible for years.
The GSA said it has protocols for detecting inappropriate file sharing, including automated scans and mandatory annual training. “Internal controls are not perfect, ” a longtime employee told The Post. “ But it ’s not like we’re letting things happen unchecked. ”
Nine of the 15 files were marked as CUI — a designation for sensitive but unclassified material — and at least ten could be both viewed and edited by anyone within the agency. The breach included not only architectural blueprints but also courthouse layouts, project manuals, and financial records.
The GSA’s Office of Inspector General uncovered the lapse during an audit of the agency’s Google Drive usage. The issue was flagged to the IT incident response team last Tuesday, and by Thursday, file-sharing permissions had been revoked. Investigators have so far been unable to reach the owners of the compromised files.
According to WSJ, Neither the White House nor the GSA has issued a comment. A representative for former President Biden also declined to respond.
This incident adds to a string of security missteps under both administrations. During President Trump’s tenure, officials mistakenly included The Atlantic’s editor-in-chief in a group chat discussing military planning and used personal Gmail accounts for sensitive communication. In contrast, a 2023 special counsel report criticised former President Biden for storing classified notebooks at his residence.
Meanwhile, a separate controversy is unfolding at the Pentagon. US defense secretary Pete Hegseth is under scrutiny for allegedly sharing classified airstrike plans in a private Signal group that included his wife, brother, and personal lawyer, according to The New York Times.
The chat reportedly contained flight schedules for F/A-18 Hornets involved in US operations in Yemen. Unlike a previous leak in March— where a journalist was mistakenly added — the Signal group was reportedly created by Hegseth himself.
This is the second time Hegseth has been accused of mishandling classified military information. The Pentagon inspector general is now investigating both incidents. Those in the Signal group reportedly include Hegseth’s wife Jennifer, a former Fox News producer; his brother Phil; and his personal lawyer Tim Parlatore.
