(CBS/AP) The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI has underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

FBI agents sometimes demanded the data without proper authorization, according to the 126-page audit by Justice Department Inspector General Glenn A. Fine. At other times, the audit found, the FBI improperly obtained telephone records in non-emergency circumstances.

The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.

Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.

At issue are the security letters, a power outlined in the Patriot Act that the Bush administration pushed through Congress after the Sept. 11, 2001, terror attacks. The letters, or administrative subpoenas, are used in suspected terrorism and espionage cases. They allow the FBI to require telephone companies, Internet service providers, banks, credit bureaus and other businesses to produce highly personal records about their customers or subscribers — without a judge's approval.

About three-fourths of the national security letters were issued for counterterror cases, and the other fourth for spy investigations.

"I am to be held accountable," FBI Director Robert S. Mueller said Friday. He added that he should have provided training and oversight to prevent the misuse of power.

Fine conducted the audit as required by Congress and over the objections of the Bush administration.

Dept. Of Justice Report On F.B.I. Business Records

Mueller called Fine's audit "a fair and objective review of the FBI's use of a proven and useful investigative tool."

The finding "of deficiencies in our processes is unacceptable," Mueller said in a statement.

"We strive to exercise our authorities consistent with the privacy protections and civil liberties that we are sworn to uphold," Mueller said. "Anything less will not be tolerated. While we've already taken some steps to address these shortcomings, I am ordering additional corrective measures to be taken immediately."

Fine's annual review is required by Congress, over the objections of the Bush administration.

The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.

In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.

Over the entire three-year period, the audit found the FBI issued 143,074 national security letters requesting customer data from businesses.

The FBI vastly underreported the numbers. In 2005, the FBI told Congress that its agents in 2003 and 2004 had delivered only 9,254 national security letters seeking e-mail, telephone or financial information on 3,501 U.S. citizens and legal residents over the previous two years.

Additionally, the audit found, the FBI identified 26 possible violations in its use of the national security letters, including failing to get proper authorization, making improper requests under the law and unauthorized collection of telephone or Internet e-mail records.

Of the violations, 22 were caused by FBI errors, while the other four were the result of mistakes made by the firms that received the letters.

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

The letters inaccurately said the FBI had requested subpoenas for the information requested — "when, in fact, it had not," the audit found.

Cindy Cohn, the legal director of the Electronic Frontier Foundation, said the government, in general, needs to return to information gathering methods used prior to the Patriot Act.

The FBI must "limit these very powerful tools to situations in which the government is actually tracking suspected terrorists or spies," Cohn told CBS News radio.

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI — and perhaps limits its power.

"I am very concerned that the FBI has so badly misused national security letters," said Sen. Arlen Specter, R-Pa., top Republican on the Senate Judiciary Committee that oversees the FBI.

Sen. Russ Feingold, D-Wis., another member on the judiciary panel, said the report "proves that 'trust us' doesn't cut it."

Justice spokeswoman Tasia Scolinos said Attorney General Alberto Gonzales "commends the work of the inspector general in uncovering serious problems in the FBI's use of NSLs."