http://www.scrippsnews.com/node/20094 By MICHAEL DOYLE March 12, 2007 Agriculture Department computers stolen in Stockton and Yuba City, Calif., could contain sensitive information about Central Valley farmers, federal investigators warn. The seven computers stolen from the Valley offices over the past several years also reflect a larger problem, investigators believe. Officials didn't notify farmers whose personal information might have been compromised at the time of the thefts, nor did they have in place necessary safeguards. "As a result," the investigators cautioned, "personally identifiable information of USDA customers and employees may have been lost and is at risk for improper use." Lost and stolen computers have become a perennial problem for many federal agencies, and potentially pose risks to both privacy and national security. Census Bureau officials, nuclear weapon scientists at Los Alamos National Laboratory in New Mexico and analysts at the Energy Department's Office of Intelligence have all misplaced laptops, discs or other computer equipment in recent years, previous investigations found. The losses have prompted the Bush administration to step up its scrutiny, prompting the latest audit by the Agriculture Department's Office of Inspector General. Agriculture Department officials have accepted the criticisms and say they are making improvements. In July, the Agriculture Department reported to Congress that officials had found only eight incidents where private information might have been compromised by the loss of equipment since 2003. But when the Office of Inspector General looked more closely, the investigators found the Agriculture Department's initial report was "not accurate." A total of 95 Agriculture Department computers were stolen between Oct. 1, 2005 and May 31, 2006. In at least nine cases, officials acknowledged that the computers included names, addresses, Social Security numbers and payment information for individual farmers. These nine cases were in addition to the eight previously reported by the Agriculture Department. "The true number of incidents might not be known," investigators added, because agencies "were not tracking, reporting or following up on stolen computer equipment." The stolen computers identified by investigators included six taken from Yuba City and four taken from Stockton. The Agriculture Department maintains offices in both cities to administer programs for farmers throughout the Valley. "Farmers, like any business owner, would not want their private information out in the public," Julia Berry, executive director of the Madera County Farm Bureau, noted Monday. Berry added, though, that she had not heard specific concerns raised by local farmers about losing sensitive Agriculture Department information. "There is always a concern about rural mail theft, and identify theft," added Liz Hudson, outreach director for the Fresno County Farm Bureau, "but this is the first I've heard of the (Agriculture Department) computer thefts." The new audit does not specify exactly what information might have been on the stolen California computers. Other offices suffered even greater losses, including the Agriculture Department office in Tangent, Ore., from which 23 computers were stolen. Nationwide, the investigators found that: * Two-thirds of the stolen Agriculture Department computers lacked encryption, which means anyone could look at the stored information. Since June, the Bush administration has required that all sensitive information be encrypted. * In more than half of the cases, users of the stolen computers weren't aware whether the Agriculture Department followed up on whether private or sensitive information had been lost. Since June, federal agencies have been required to conduct the follow-up assessments. * More than 2,000 files containing private, sensitive information about farmers were found on computers still located at the Agriculture Department sites visited by investigators. Agency officials attributed this to a programming error, which has since been corrected so that the private information is retained only on central databases Agriculture Department officials expect to complete purchasing an encryption package by the end of March. _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Mar 12 2007 - 22:39:50 PST