Report: Data loss widespread at government agencies
Since 2003, 19 agencies have reported at least one loss of personal information
Computerworld - Loss of personal data at U.S. government agencies is all too common, according to a report released by the House Government Reform Committee (download PDF).
According to the report, which was released Friday, 19 federal agencies have reported at least one loss of personally identifiable information since January 2003. In addition, those agencies don't always know what information has been lost or how many people could be affected because they aren't tracking those losses, the report said.
"For example, the Department of Justice reports that, prior to the May 2006 Veterans Administration data breach, 'the department did not track the content of lost, stolen, or otherwise compromised devices,' " the report stated.
Only a small number of the data breaches were caused by hackers breaking into computer systems, the report said. Most of the data losses stemmed from the theft of laptops, drives and disks, as well as unauthorized use of the information by employees, the report said. Contractors were also responsible for many of the reported breaches, the report said.
The Department of Agriculture told the committee that it had had eight incidents involving the loss or compromise of sensitive personal information since Jan. 1, 2003.
Those incidents include an e-mail that was sent to 1,537 people on Dec. 17, 2004, that contained, as an attachment, a database containing the Social Security numbers and other personal information of those 1,537 individuals. In response to the incident, the department sent a letter of apology to all of the individuals involved and developed additional security training.
On Feb. 24, 2005, a system containing research data was compromised by someone cracking a password or a user account and installing hacking software, the report said. The department said no information was compromised, but the intruder had read/write access to the server and was able to open access points. In response, the department disabled the log-in account that was cracked and limited access to the building.
The Department of Commerce reported 297 incidents involving the loss or compromise of personal information, the report said. The department said 217 laptops containing sensitive data have been lost, stolen or misplaced. In a separate briefing, the department told members of Congress that since 2001, 1,137 laptops have been stolen, lost or reported missing, according to the report. There is no indication of what steps the department has taken to prevent similar incidents.
The Department of Defense said it had 43 incidents involving the loss or compromise of personal data. For example, on April 5, the department said hackers stole data from its Tricare Management Activity system, including personal data on approximately 14,000 active duty and retired service members and dependents, according to the report. In response to the incident, affected members were notified and new security measures were implemented.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!