Government officials under both Joe Biden and Donald Trump improperly shared sensitive documents with thousands of federal workers, including potentially classified floor plans of the White House, according to internal records reviewed by The Washington Post.

Career employees at the General Services Administration, which provides administrative and technological support for much of the federal bureaucracy and manages the government’s real estate portfolio, were responsible for the oversharing, which spurred a cybersecurity incident report and investigation last week. The records show that the employees inadvertently shared a Google Drive folder containing the sensitive documents with the entire GSA staff, which totals more than 11,200 people, according to the agency’s online directory.

The information shared also included the details of a proposed blast door for the White House visitor center, the records show, as well as bank account information for a vendor who assisted with a Trump administration news conference.

The Google Drive incident is the latest digital security lapse for the Trump administration. Last month, top officials inadvertently included the editor in chief of the Atlantic magazine in an unclassified chat used to discuss highly sensitive military planning; and Trump’s national security adviser and his staff used personal Gmail accounts for government communications, which experts described as insufficiently secure, The Post reported.

But the oversharing, which continued over at least four years, also suggests a pattern of sloppy handling of sensitive information that spans both the Trump and Biden administrations. A special counsel report last year found that Biden carelessly kept classified documents and notebooks at his home.

The records reviewed by The Post did not specify whether the East and West Wing plans, the blast door details or the banking information were classified. Nine of the 15 files shared in the Google Drive folder were marked CUI for “controlled unclassified information,” which refers to “sensitive information that does not meet the criteria for classification but must still be protected,” according to government protocols. At least 10 of the shared files allowed GSA employees not only to view but also edit the content, the records show.

The file sharing dates at least to early 2021, at the start of the Biden presidency, and continued into the Trump administration — including one share as recently as last week, the records show.

The White House and GSA did not immediately respond to a request for comment Sunday. Nor did a representative for Biden.

One longtime GSA official said the agency uses software that regularly scans its Google Drives to detect files that are inappropriately shared and lock those down. GSA also holds yearly mandatory trainings for staff to teach them best practices for document sharing and privacy, said the employee, who spoke on the condition of anonymity because they were not authorized to discuss the matter publicly.

“Internal controls are not perfect, but we aren’t just letting things happen without checking,” the employee said. “It’s not like we’re not trying to mitigate things if and when an employee makes a mistake.”

The White House blueprints may or may not have been classified, security experts said, depending whether they detailed information about secret safety or security protocols. Still, the breach indicates a general need to strengthen safety training measures for government workers who must live and work in a digital age, said Michael Williams, a Syracuse University professor who studies international security and defense issues.

The documents “are absolutely not something you want shared to 11,200 people,” Williams said. “The danger of this kind of mistake is a challenge across all administrations. It’s not just particularly bad for the Trump administration.”

One of the earliest improper shares took place in March 2021, when a GSA employee inadvertently shared all staff on a “safety environment management survey” for the East Wing of the White House, which included “blueprints” of the wing, the records show. The East Wing includes the White House visitors entrance as well as offices of the first lady.

The employee’s error consisted of altering the share settings in Google Drive so anyone within GSA could find and edit the documents, the records show.

In December of that year, the same employee shared a similar report about the West Wing of the White House, which includes the Oval Office, Cabinet Room, Situation Room and briefing room. The employee also inadvertently shared a “design build” for blast doors to be installed at the White House Visitor Center, a block away from the White House itself.

Those files remained open to the entire agency for years, according to the records.

If the documents simply detailed floor plans and layouts of the White House building, those would not be classified, said Steven Aftergood, a security policy analyst formerly with the Federation of American Scientists. But if they included any “undisclosed structures, passages or security measures,” then they could be classified under an executive order issued in 2009 to protect national security information, Aftergood said.

“Even if they were not formally classified,” Aftergood said, “they would be closely held for obvious security reasons.”

Other items shared in subsequent years include building details for a courthouse, the documents show, as well as two project manuals and drawings. Most of these files were marked CUI, the records show.

Since the start of the second Trump term, employees have shared three items with the entire agency. These included two files marked CUI and a third described as containing banking information, according to the records.

The GSA’s Office of the Inspector General learned of the inappropriate sharing last week during an ongoing security audit of the agency’s use of Google Drive, according to the records.

During that audit, inspectors found that sensitive information appeared to have been “improperly” shared across the agency, the records show. Inspectors reported the issue to the agency’s incident response team, part of the IT staff that handles security breaches, last Tuesday.

By Thursday, the IT team had identified the owners of the files and reversed the file-share, so the documents were no longer accessible to 11,000-plus employees, the records show.

The GSA IT team repeatedly attempted to contact the owner of the files but never received a response, the records show. The IT team’s investigation into the incident continues, the records show.

Cleve R. Wootson Jr. contributed to this report.