Lawsuit possible in NASA laptop theft
NASA contractors say breach confirms fears outlined in lawsuit rejected by U.S. Supreme Court last year
Computerworld - A group of current and former contractors at NASA's Jet Propulsion Laboratory (JPL) may file a lawsuit due to the possible exposure of personal information stored on an agency laptop stolen last month from a locked car, their lawyer said Wednesday.
The laptop, stolen on Oct. 31, stored the personal data of some10,000 NASA employees and contractors.
Some members of the group were part of a lawsuit filed against NASA five years ago over what they claimed were overly intrusive background checks the agency was conducting in connection with a mandatory federal smart card credentialing program.
At that time, the group contended that the data being collected by NASA was highly personal. They had expressed concern over NASA's ability to protect their private data.
The case went all the way to the Supreme Court, which last year ruled that NASA was within its rights to conduct such checks as a condition of employment.
All of those involved that suit were contractors working as senior scientists and engineers at JPL in Pasadena, Calif. The facilty is staffed and managed for NASA by the California Institute of Technology.
The Oct. 31 theft of an unencrypted agency laptop from the locked car of a teleworking NASA employee validates the privacy concerns raised in the earlier lawsuit, said Dan Stormer, a lawyer with Hadsell, Stormer, Richardson & Renick, LLC, the firm representing the group.
According to NASA, the stolen laptop contained unencrypted Social Security Numbers, dates of birth, birthplace information and other data. The laptop also stored "sensitive information" gathered as part of background investigations, NASA acknowledged.
"NASA's handling of the data was in direct violation of the Privacy Act," Stormer said. "They violated the right to privacy by releasing confidential information."
The Supreme Court's ruling in favor of NASA last year noted the private data being collected by NASA would be adequately protected under the provisions of the Privacy Act, Stormer said.
"Clearly in light of NASA's cavalier disregard for the privacy right of others," Stormer said, that did not happen.
Stormer said the group is considering whether to file a class-action suit against NASA over the recent breach, alleging negligence and violations of the Privacy Act.
Former NASA scientist Robert Nelson, who worked as a NASA astronomer for 34 years and was a senior member of the Cassini Orbiter team, said his data was compromised in the recent breach.
"The issue is how did this happen?" Nelson said in an interview with Computerworld. "When we sued them five years ago, one of the arguments we made was that we didn't believe NASA was capable enough to protect our data. When we lost our lawsuit they went ahead and completed those investigations." he said.
- Michaels breach exposes nearly 3M payment cards
- Teen nabbed in Heartbleed attack against Canadian tax site
- Heartbleed bug can expose private server encryption keys
- FTC can sue companies hit with data breaches, court says
- 5-year-old hacks Xbox, now he's a Microsoft 'security researcher'
- State AGs probe Experian subsidiary's data breach
- NSA sniffing prompts Yahoo to encrypt traffic between its data centers
- Banks withdraw data breach claim against Target
- Bank abandons place in class-action suit against Target, Trustwave
- Banks' suit in Target breach a 'wake-up call' for companies hiring PCI auditors
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts