We determined that the U.S. Secret Service (USSS) did not have adequate protections in place on systems to which Master Central Index (MCI) information was migrated. These problems occurred because USSS has not consistently made IT management a priority. The USSS Chief Information Officer (CIO) lacked authority for all IT resources and was not effectively positioned to provide necessary oversight, inadequate attention was given to updating USSS IT policies, and high turnover and vacancies within the Office of the CIO meant a lack of leadership to ensure IT systems were properly managed. In addition, USSS personnel were not adequately trained to successfully perform their duties. We made 10 recommendations to USSS and 1 recommendation to the DHS Privacy Office to reduce the risk of future unauthorized access and disclosure of sensitive information. The USSS and the DHS Privacy Officer concurred with these recommendations.