[ISN] Probe Targets Archives' Handling of Data on 70 Million Vets

From: InfoSec News <alerts_at_private>
Date: Fri, 2 Oct 2009 04:36:37 -0500 (CDT)
http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/

By Ryan Singel 
Threat Level
Wired.com
October 1, 2009

The inspector general of the National Archives and Records 
Administration is investigating a potential data breach affecting tens 
of millions of records about U.S. military veterans, Wired.com has 
learned. The issue involves a defective hard drive the agency sent back 
to its vendor for repair and recycling without first destroying the 
data.

The hard drive helped power eVetRecs, the system veterans use to request 
copies of their health records and discharge papers. When the drive 
failed in November of last year, the agency returned the drive to GMRI, 
the contractor that sold it to them, for repair. GMRI determined it 
couldn.t be fixed, and ultimately passed it to another firm to be 
recycled.

The incident was reported to NARA.s inspector general by Hank Bellomy, a 
NARA IT manager, who charges that the move put 70 million veterans at 
risk of identity theft, and that NARA.s practice of returning hard 
drives unsanitized was symptomatic of an irresponsible security mindset 
unbecoming to America's record-keeping agency.

"This is the single largest release of personally identifiable 
information by the government ever," Bellomy told Wired.com. "When the 
USDA did the same thing, they provided credit monitoring for all their 
employees. We leaked 70 million records, and no one has heard a word of 
it."

But NARA says the lost drive is not a problem because its contractors 
signed privacy promises in their contracts, though the agency has since 
changed its policy to require that sensitive media be destroyed by NARA 
itself.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Fri Oct 02 2009 - 02:36:37 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 02 2009 - 03:01:26 PDT