Lawsuit possible in NASA laptop theft
NASA contractors say breach confirms fears outlined in lawsuit rejected by U.S. Supreme Court last year
Computerworld - A group of current and former contractors at NASA's Jet Propulsion Laboratory (JPL) may file a lawsuit due to the possible exposure of personal information stored on an agency laptop stolen last month from a locked car, their lawyer said Wednesday.
The laptop, stolen on Oct. 31, stored the personal data of some10,000 NASA employees and contractors.
Some members of the group were part of a lawsuit filed against NASA five years ago over what they claimed were overly intrusive background checks the agency was conducting in connection with a mandatory federal smart card credentialing program.
At that time, the group contended that the data being collected by NASA was highly personal. They had expressed concern over NASA's ability to protect their private data.
The case went all the way to the Supreme Court, which last year ruled that NASA was within its rights to conduct such checks as a condition of employment.
All of those involved that suit were contractors working as senior scientists and engineers at JPL in Pasadena, Calif. The facilty is staffed and managed for NASA by the California Institute of Technology.
The Oct. 31 theft of an unencrypted agency laptop from the locked car of a teleworking NASA employee validates the privacy concerns raised in the earlier lawsuit, said Dan Stormer, a lawyer with Hadsell, Stormer, Richardson & Renick, LLC, the firm representing the group.
According to NASA, the stolen laptop contained unencrypted Social Security Numbers, dates of birth, birthplace information and other data. The laptop also stored "sensitive information" gathered as part of background investigations, NASA acknowledged.
"NASA's handling of the data was in direct violation of the Privacy Act," Stormer said. "They violated the right to privacy by releasing confidential information."
The Supreme Court's ruling in favor of NASA last year noted the private data being collected by NASA would be adequately protected under the provisions of the Privacy Act, Stormer said.
"Clearly in light of NASA's cavalier disregard for the privacy right of others," Stormer said, that did not happen.
Stormer said the group is considering whether to file a class-action suit against NASA over the recent breach, alleging negligence and violations of the Privacy Act.
Former NASA scientist Robert Nelson, who worked as a NASA astronomer for 34 years and was a senior member of the Cassini Orbiter team, said his data was compromised in the recent breach.
"The issue is how did this happen?" Nelson said in an interview with Computerworld. "When we sued them five years ago, one of the arguments we made was that we didn't believe NASA was capable enough to protect our data. When we lost our lawsuit they went ahead and completed those investigations." he said.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts