Lawsuit possible in NASA laptop theft
NASA contractors say breach confirms fears outlined in lawsuit rejected by U.S. Supreme Court last year
Computerworld - A group of current and former contractors at NASA's Jet Propulsion Laboratory (JPL) may file a lawsuit due to the possible exposure of personal information stored on an agency laptop stolen last month from a locked car, their lawyer said Wednesday.
The laptop, stolen on Oct. 31, stored the personal data of some10,000 NASA employees and contractors.
Some members of the group were part of a lawsuit filed against NASA five years ago over what they claimed were overly intrusive background checks the agency was conducting in connection with a mandatory federal smart card credentialing program.
At that time, the group contended that the data being collected by NASA was highly personal. They had expressed concern over NASA's ability to protect their private data.
The case went all the way to the Supreme Court, which last year ruled that NASA was within its rights to conduct such checks as a condition of employment.
All of those involved that suit were contractors working as senior scientists and engineers at JPL in Pasadena, Calif. The facilty is staffed and managed for NASA by the California Institute of Technology.
The Oct. 31 theft of an unencrypted agency laptop from the locked car of a teleworking NASA employee validates the privacy concerns raised in the earlier lawsuit, said Dan Stormer, a lawyer with Hadsell, Stormer, Richardson & Renick, LLC, the firm representing the group.
According to NASA, the stolen laptop contained unencrypted Social Security Numbers, dates of birth, birthplace information and other data. The laptop also stored "sensitive information" gathered as part of background investigations, NASA acknowledged.
"NASA's handling of the data was in direct violation of the Privacy Act," Stormer said. "They violated the right to privacy by releasing confidential information."
The Supreme Court's ruling in favor of NASA last year noted the private data being collected by NASA would be adequately protected under the provisions of the Privacy Act, Stormer said.
"Clearly in light of NASA's cavalier disregard for the privacy right of others," Stormer said, that did not happen.
Stormer said the group is considering whether to file a class-action suit against NASA over the recent breach, alleging negligence and violations of the Privacy Act.
Former NASA scientist Robert Nelson, who worked as a NASA astronomer for 34 years and was a senior member of the Cassini Orbiter team, said his data was compromised in the recent breach.
"The issue is how did this happen?" Nelson said in an interview with Computerworld. "When we sued them five years ago, one of the arguments we made was that we didn't believe NASA was capable enough to protect our data. When we lost our lawsuit they went ahead and completed those investigations." he said.
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!