(CNN) — The National Security Agency broke privacy rules "thousands of times each year" since 2008, The Washington Post reported, citing an internal audit and other documents.
NSA leaker Edward Snowden -- whose ongoing leaks have riled the Obama administration and intelligence community -- provided material to the newspaper earlier this summer.
The May 2012 audit found 2,776 incidents of "unauthorized collection, storage, access to or distribution of legally protected communications" in the preceding 12 months, the Post reported in its story Thursday.
"Most were unintended. Many involved failures of due diligence or violations of standard operating procedure," said the Post article by reporter Barton Gellman. "The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders."
The paper said most incidents involved unauthorized surveillance of Americans or foreign intelligence targets in the country.
In one case, the NSA decided it didn't need to report the unintended surveillance.
In 2008, a "large number" of calls placed from Washington were intercepted due to a programming error that confused the capitol's 202 area code for 20, the international dialing code for Egypt. The information came from a "quality assurance" review that wasn't distributed to the NSA overnight staff, according to the Post.
Separately, an NSA new collection method went undiscovered by the Foreign Intelligence Surveillance Court for months. The court, which has authority over some of the agency's operations, ruled it unconstitutional.
Responding to the Post's story, the NSA said, "A variety of factors can cause the numbers of incidents to trend up or down from one quarter to the next."
Factors can include implementation of new procedures, technology or software changes and expanded access.
"The one constant across all of the quarters is a persistent, dedicated effort to identify incidents or risks of incidents at the earliest possible moment, implement mitigation measures wherever possible, and drive the numbers down," the agency said.
The agency released another statement Thursday night defending its programs.
"NSA's foreign intelligence collection activities are continually audited and overseen internally and externally," it said. "When NSA makes a mistake in carrying out its foreign intelligence mission, the agency reports the issue internally and to federal overseers -- and aggressively gets to the bottom of it."
Lawmakers on Capitol Hill -- who, according to the Post, had been left in the dark on this audit -- expressed concern about not being told about it and called for more oversight.
"Press reports that the National Security Agency broke privacy rules thousands of times per year and reportedly sought to shield required disclosure of privacy violations are extremely disturbing," said House Minority Leader Nancy Pelosi, a Democrat from California.
Pelosi called for "rigorous oversight" on the "incidents of non-compliance."
Democratic Sen. Dianne Feinstein of California, chairwoman of the Senate Intelligence Committee, told the Post in a statement late Thursday night that her committee "can and should do more to independently verify that NSA's operations are appropriate, and its reports of compliance incidents are accurate."
Snowden stepped forward publicly in June to claim responsibility for leaking to the media that the NSA had secretly collected and stored millions of phone records from accounts in the United States. The agency also collected information from U.S. companies on the Internet activity of overseas residents, he said.
Snowden fled first to Hong Kong and then to Russia before Moscow granted him temporary asylum despite pressure from the Obama administration to return him to the United States to face charges.
He has been charged with three felony counts, including violations of the U.S. Espionage Act, for the leaks.