State Department, VA disclose two new data breaches
One affects passport applicants, the other, VA patients
Computerworld - Two federal agencies that have already drawn attention this year for data security breaches are back in the spotlight again -- for the same reason.
One of them is the U.S. Department of State, which last week disclosed that it had notified close to 400 individuals that the data they had submitted with their passport applications had been stolen in a database intrusion (download PDF).
And last Saturday, the U.S. Department of Veteran's Affairs (VA) said that one of its medical centers in Oregon had accidentally posted personal data on about 1,600 patients on its public Web site.
The breach at the State Department occurred in March at around the same time the agency disclosed that some of its contractors had illegally snooped on passport records belonging to Sen. Barack Obama (D-Ill.), Sen. John McCain (R-Ariz.) and other high-profile citizens, according to a spokeswoman.
That disclosure triggered a review of the security controls protecting the State Department's Passport Information Electronic Records System (PIERS), which contains records on 192 million passports for 127 million people. An Inspector General's report (download PDF) was released in July and identified "many control weaknesses" -- including a general lack of policies, procedures and training for protecting passport data at the State Department. The report noted that there were about 20,500 users with active PIERS accounts as of May, with about 12,200 of them being employees or contractors at the department.
According to a State Department spokeswoman, 383 records were illegally accessed by a State Department employee. That worker has since been terminated, the spokeswoman said. All of those who were affected by the incident have been notified by the department and have been offered one year's worth of free credit monitoring. The notifications were sent out in two batches, with the first set going out on July 10 and the second on Oct. 6.
When asked how the agency discovered the breach and why it took so long to notify affected individuals, the spokeswoman cited a previous explanation of the events by Sean McCormack, another spokesman at the agency. McCormack said the department learned of the breach at around the same time the snooping incidents were disclosed publicly, but offered no further details.
According to The Washington Post, the State Department was tipped off to the intrusion in March by police officers in Washington who discovered nearly two-dozen credit cards and printouts of eight passport applications during the search of a car that was stopped for having excessively tinted windows. Four of the names on the credit cards matched four of the names on the passport applications, leading police to conclude the passport information had been stolen for identity theft purposes.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Exponentially Accelerate Data Protection and Recovery with Simpana 10 IntelliSnap® Snapshot Management Technology Are you making the best use of your storage array snapshot functionality? CommVault Simpana 10 IntelliSnap technology manages hardware-based snapshots across multiple vendor...
- Simpana IntelliSnap Technology Datasheet With IntelliSnap you can maximize the value of your snapshot technology while dramatically reducing management overhead and complexity.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!