GAO report reveals dismal and worsening tech security in federal agencies
Thursday, July 23rd, 2009
Recent data breaches have most of us focused on private corporations’ failures in protecting our personal information. There are, however, bigger and more threatening security risks.
The Government Accountability Office (GAO) just completed an analysis of all 24 federal agencies and determined that almost all of them have exposed citizens’ personally identifiable information, and, in some cases, present significant threats to national security.
“An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs,” according to the report. “As a result, agencies have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise.”
Still not clear on exactly how bad the problem really is? Reports of security incidents more than doubled from 2006 (5,503 reports) to 2008 (16,843 reports).
The GAO report specifically cited unresolved security problems at the Securities and Exchange Commission, the Internal Revenue Service, the Los Alamos National Laboratory and the Department of Homeland Security.
The SEC deficiencies were identified earlier this year, but still have not been addressed. The agency doesn’t consistently authenticate users and isn’t consistently encrypting network services or auditing its databases for unauthorized activity, the GAO report said.
Security weaknesses at many of the agencies include 1,100 users having access to mainframe system management utilities. In one agency, a contractor had full-system access, meaning any incidents that occurred on the contractor’s network could affect the federal agency’s network. Other agencies gave application users full access to source code.
The report also noted decreases in security training for personnel with critical IT responsibilities.

