Feds Often Clueless After Data Losses

A government report paints a bleak picture for security at federal agencies. Agencies are constantly losing data and often have no idea what's been lost or who is affected -- proof that the government is simply not giving this the attention it needs, claims an industry advocacy group.

By Gregg Keizer
TechWeb News

Oct 18, 2006 02:31 PM

Federal agencies not only regularly lose personal identity data, but don't even always know what they've lost or how many Americans are affected, a recently-released House report claimed.

According to the report issued by the House Government Reform Committee, which is chaired by Tom Davis (R-Va.), all 19 federal departments and agencies from which data was requested had lost or compromised personal information in the three-and-a-half years since January 2003. Some of the breaches were losses, others were the result of theft.

In August 2006, for example, a Department of Defense laptop that contained personal information on 30,000 Navy applicants and prospects fell of a motorcycle driven by a recruiter. "The recruiter returned to the scene and was told by a road side worker that a car had stopped and picked up the bag," the report said.

Davis's report was prompted by the May theft of a Veterans Affairs laptop and external hard drive that had the personal information of some 26.5 million veterans and active duty military personnel. The hardware was recovered about two months later; an FBI analysis concluded that none of the confidential information had been accessed on the notebook and drive.

http://informationweek.com/news/showArticle.jhtml?articleID=193400392

I'm an air traffic controller. My facility discovered a hard drive missing that contained my name and SSN. They let me know a week and a half later and claim that they don't know if the drive was stolen or just transferred to another computer.

Two weeks after they discovered that the drive was missing (and who knows how long it took them to discover the theft/loss) they sent me a certified letter advising me that my personal data had been compromised.

I mean, what with all that "evidence" and "testimony," it's been damn hard to round up terrorists and torture confessions out of them. Now, they can just say, "You know something, your honor? We lost that file. That's right, just flat lost it. But I'll tell you, whooo-wee! it had the goods on this guy! And here's his signature on the bottom of this documents. Those are just tomato stains, I had pasta for lunch. Can you speed this along and just declare him guilty? I have a 9:30 tee time."