NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> 2009-q4

[ISN] Probe Targets Archives' Handling of Data on 70 Million Vets

From: InfoSec News (alertsinfosecnews.org)
Date: Fri Oct 02 2009 - 04:36:37 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/

By Ryan Singel
Threat Level
Wired.com
October 1, 2009

The inspector general of the National Archives and Records
Administration is investigating a potential data breach affecting tens
of millions of records about U.S. military veterans, Wired.com has
learned. The issue involves a defective hard drive the agency sent back
to its vendor for repair and recycling without first destroying the
data.

The hard drive helped power eVetRecs, the system veterans use to request
copies of their health records and discharge papers. When the drive
failed in November of last year, the agency returned the drive to GMRI,
the contractor that sold it to them, for repair. GMRI determined it
couldn.t be fixed, and ultimately passed it to another firm to be
recycled.

The incident was reported to NARA.s inspector general by Hank Bellomy, a
NARA IT manager, who charges that the move put 70 million veterans at
risk of identity theft, and that NARA.s practice of returning hard
drives unsanitized was symptomatic of an irresponsible security mindset
unbecoming to America's record-keeping agency.

"This is the single largest release of personally identifiable
information by the government ever," Bellomy told Wired.com. "When the
USDA did the same thing, they provided credit monitoring for all their
employees. We leaked 70 million records, and no one has heard a word of
it."

But NARA says the lost drive is not a problem because its contractors
signed privacy promises in their contracts, though the agency has since
changed its policy to require that sensitive media be destroyed by NARA
itself.

[...]

________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News
http://www.infosecnews.org

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]