It sounds like a gold mine for ID thieves," said Jeremy Gillula, staff technologist for the Electronic Frontier Foundation, a civil liberties group focused on technology. "I'm kind of surprised that this information was never compromised."

The flaws uncovered by auditors included issues of security policy — where mistakes can have bigger consequences — as well as 135 database vulnerabilities, of which nearly two dozen were classified as potentially severe or catastrophic.

Obamacare is very bad. Government IT might just be worse.