Report: Data loss widespread at government agencies
Since 2003, 19 agencies have reported at least one loss of personal information
Computerworld - Loss of personal data at U.S. government agencies is all too common, according to a report released by the House Government Reform Committee (download PDF).
According to the report, which was released Friday, 19 federal agencies have reported at least one loss of personally identifiable information since January 2003. In addition, those agencies don't always know what information has been lost or how many people could be affected because they aren't tracking those losses, the report said.
"For example, the Department of Justice reports that, prior to the May 2006 Veterans Administration data breach, 'the department did not track the content of lost, stolen, or otherwise compromised devices,' " the report stated.
Only a small number of the data breaches were caused by hackers breaking into computer systems, the report said. Most of the data losses stemmed from the theft of laptops, drives and disks, as well as unauthorized use of the information by employees, the report said. Contractors were also responsible for many of the reported breaches, the report said.
The Department of Agriculture told the committee that it had had eight incidents involving the loss or compromise of sensitive personal information since Jan. 1, 2003.
Those incidents include an e-mail that was sent to 1,537 people on Dec. 17, 2004, that contained, as an attachment, a database containing the Social Security numbers and other personal information of those 1,537 individuals. In response to the incident, the department sent a letter of apology to all of the individuals involved and developed additional security training.
On Feb. 24, 2005, a system containing research data was compromised by someone cracking a password or a user account and installing hacking software, the report said. The department said no information was compromised, but the intruder had read/write access to the server and was able to open access points. In response, the department disabled the log-in account that was cracked and limited access to the building.
The Department of Commerce reported 297 incidents involving the loss or compromise of personal information, the report said. The department said 217 laptops containing sensitive data have been lost, stolen or misplaced. In a separate briefing, the department told members of Congress that since 2001, 1,137 laptops have been stolen, lost or reported missing, according to the report. There is no indication of what steps the department has taken to prevent similar incidents.
The Department of Defense said it had 43 incidents involving the loss or compromise of personal data. For example, on April 5, the department said hackers stole data from its Tricare Management Activity system, including personal data on approximately 14,000 active duty and retired service members and dependents, according to the report. In response to the incident, affected members were notified and new security measures were implemented.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts