GSA error exposes sensitive White House information to over 11,000 federal employees

A critical security lapse by U.S. government officials led to the inadvertent disclosure of potentially confidential White House information to more than 11,200 federal employees, according to multiple investigative reports. The breach, involving detailed White House floor plans and design specifics for a proposed armored door at the visitor center, was traced to a Google Drive folder that had been improperly shared by employees of the General Services Administration (GSA).

The incident, first brought to light by The Jerusalem Post and further detailed by Axios and The Washington Post, has sparked a cybersecurity investigation and raised concerns about data handling protocols across federal agencies.

The GSA’s Office of Inspector General reportedly uncovered the breach during an audit, discovering that a management-level employee mistakenly altered the sharing settings of the Google Drive folder back in 2021. This misstep granted unrestricted access to the entire GSA workforce, allowing thousands of employees not only to view but also potentially edit the sensitive materials.

While most of the 15 documents contained in the folder were not classified, nine were marked as Controlled Unclassified Information (CUI), a federal designation used for sensitive but unclassified content. In addition to security-related information, the files reportedly contained financial data relevant to government operations.

The data exposure occurred during the transition period between former President Joe Biden’s administration and what was described in reports as the early phase of President Donald Trump’s second administration. Although the political framing appears ambiguous, internal reviews have focused squarely on the systemic oversight rather than partisan lines.

Federal cybersecurity protocols were triggered following the discovery, prompting immediate access restrictions to the shared folder and the identification of the document owners. The GSA has not commented publicly on whether disciplinary action has been taken, but officials have confirmed that access controls have since been tightened.

The breach adds to a string of recent high-profile security lapses involving government personnel. Separately, The New York Times reported that Defense Secretary Pete Hegseth recently shared sensitive details about a U.S. military strike in Yemen via a private Signal messaging group that included his wife, brother, and personal lawyer. The same information was later confirmed to have been leaked through a separate messaging error involving the editor-in-chief of The Atlantic.