Internal records revealed that sensitive government documents, including detailed layouts of the White House and vendor banking information, were mistakenly shared with over 11,000 federal employees.
The major digital incident, spanning both the Biden and Trump administrations, originated within the General Services Administration (GSA), a critical agency overseeing much of the US government's infrastructure and logistics.
In 2021, career employees at the agency "mistakenly" made a Google Drive folder accessible to the entire GSA workforce, allowing view and edit access to classified materials, according to records reviewed by The Washington Post.
Among the documents were blueprints of the White House's East and West Wings, a proposed blast door design for the visitor centre, and bank details for a vendor linked to a Trump-era news event.
The blueprints are tied to a "safety environment management survey" for the White House’s East Wing. Another improper share in December that same year included layout plans for the West Wing, home to the Oval Office and Situation Room.
While not all files were formally classified, at least nine were marked as "Controlled Unclassified Information" (CUI), a designation for sensitive data requiring protection under federal policy.
The GSA's inspector general uncovered the breach during a recent audit of the agency’s digital file-sharing practices. The agency’s IT response team scrambled to identify the document owners and revoke access. By Thursday, they had secured the files, but not before they had remained exposed for years.
Under Trump, officials used personal Gmail accounts for official communications, and a highly sensitive military planning discussion was inadvertently shared with a journalist. Biden’s term has seen its controversies, including the discovery of classified documents at his private residence.
While the White House and GSA have yet to publicly respond, an anonymous GSA official defended internal controls, pointing to automated scanning systems and mandatory staff training. "We aren’t just letting things happen without checking," the official said.
However, security experts warned that the leak of even "unclassified” information, like floor plans or infrastructure designs, can pose serious risks.
The major security exposure comes after US Defence Secretary Pete Hegseth shared details of a March attack on Yemen's Iran-aligned Houthis in a message group that included his wife, brother and personal lawyer.
Hegseth allegedly shared the same details of the attack that were revealed last month by The Atlantic magazine after its editor-in-chief, Jeffrey Goldberg, was included in a separate chat on the Signal app by mistake, in an embarrassing incident involving all of President Donald Trump's most senior national security officials.
In another leak in March, a US journalist was inadvertently included in a group chat in which Defence Secretary Pete Hegseth, Vice President JD Vance and other top American officials discussed upcoming strikes against Yemen's Houthi rebels.