NARA- Hard Drive From Executive Office of President Clinton Missing
May 20, 2009 | Leave a Comment
By Ben Bain
Nara suffers data breach, investigation under way into missing hard drive with personal information.
An external hard drive with personally identifiable information from the Executive Office of the President during the Clinton administration is missing from a National Archives and Records Administration facility near Washington, government officials have said.
The missing device has copies of electronic storage tapes with data about White House staff members and visitors from the Clinton era, and the amount of personal information missing isn’t known, NARA said in a statement released May 19. The agency’s inspector general is investigating the incident. Officials said staff members confirmed that the hard drive went missing in early April, and they subsequently informed agency officials, the Homeland Security Department’s U.S. Computer Emergency Readiness Team and Clinton’s representative.
NARA also said it will issue a breach notification to people affected by the loss, and it has reviewed its internal controls and improved security processes.
NARA’s IG briefed staff members of the House Oversight and Government Reform Committee May 19, and Rep. Edolphus Towns (D-N.Y.), the committee’s chairman, and ranking member Rep. Darrell Issa (R-Calif.) said they would pursue the issue.
“I am deeply concerned about this serious security breach at the National Archives,” Towns said. He plans to hold separate briefings for committee members with NARA’s IG and the FBI so they can “begin to understand the magnitude of the security breach and all of the steps being taken to recover the lost information.” Towns said the FBI is conducting a criminal investigation into the matter.
Issa’s office said the missing drive contains 1T of data with “more than 100,000 Social Security numbers (including Al Gore’s daughter), contact information (including addresses) for various Clinton administration officials, Secret Service and White House operating procedures, event logs, social gathering logs, political records and other highly sensitive information.”
“This egregious breach raises significant questions regarding the effectiveness of the security protocols that are in place at the National Archives and Records Administration,” Issa said. He also called on Adrienne Thomas, NARA’s acting head, to testify about the incident during a hearing the committee’s Information Policy, Census and National Security Archives Subcommittee plans to hold May 21.
Source: Federal Computer Week
United States Missile Data Found on eBay Hard Drive
May 7, 2009 | Leave a Comment
US missile data found on eBay hard drive
By Gareth Llewellyn, Press Association
Thursday, 7 May 2009
The launch procedures for a US military missile air defence system were found on a second-hand hard drive bought on eBay, researchers revealed today.
More than 300 hard disks were studied and researchers uncovered other sensitive information including bank account details, medical records, confidential business plans, financial company data, personal id numbers, and job descriptions.
The drives were bought from the UK, America, Germany, France and Australia through computer auctions, computer fairs and eBay.
The exercise was carried out by BT’s Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US.
A spokesman for BT said they found 34% of the hard disks scrutinised contained “information of either personal data that could be identified to an individual or commercial data identifying a company or organisation.”
The researchers concluded that a “surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey.”
Perhaps most surprising was the discovery of a disk bought on eBay that revealed details of test launch procedures for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system, used to shoot down Scud missiles in Iraq.
The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin - who designed and built the system.
Two disks appear to have been formerly used by Lanarkshire NHS Trust to hold information from the Monklands and Hairmyres hospitals including patient medical records, images of x-rays, medical staff shifts and sensitive and confidential staff letters.
In Australia, one disk came from a nursing home and contained pictures of patients and their wounds.
Confidential material including network data and security logs from the German Embassy in Paris were also discovered on a disk from France.
Other information uncovered included the trading performances and budgets of a UK-based fashion company, corporate data from a major motor manufacturing company and the details of a proposed 50 billion currency exchange through Spain involving a US-based consultant.
Dr Andy Jones, head of information security research at BT, who led the survey, said: “This is the fourth time we have carried out this research and it is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks.
“For a very large proportion of the disks we looked at we found enough information to expose both individuals and companies to a range of potential crimes such as fraud, blackmail and identity theft.
“Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly.”
Dr Iain Sutherland of the University of Glamorgan said: “Of significant concern is the number of large organisations that are still not disposing of confidential information in a secure manner. In the current financial climate they risk losing highly valuable propriety data.”
Source: The Independent
