Database
security is non-existent, stolen computers, breach of information files of
high-profile citizens, personal details of veterans inadvertently included with
public information on federal Web site that allows the public to search for
details of government contracts and spending... and on and on it goes.
Who is watching the supposed "Watchdogs”? Anybody have any
good suggestions to pass on to help close up all the gaps and leaks?
Marlene
Originally appeared in Computerworld on 2008-11-03 posted by Jaikumar Vijayan
One affects passport applicants, the other, VA patients
November
3, 2008 (Computerworld)
One of them is the U.S. Dept. of State, which last week
disclosed that it had notified close to 400 individuals that the data they had
submitted with their passport applications had been stolen in a database intrusion.
And last Saturday,
the U.S. Department of Veteran's Affairs (VA) said that one of its medical
centers in Oregon had
The breach at the
State Department occurred in March at around the same time the agency disclosed
that some of its contractors had illegally snooped on passport records belonging to Sen. Barack Obama (D-Ill.), Sen. John McCain (R-Ariz.) and other high-profile
citizens, according to a spokeswoman.
That disclosure
triggered a review of the security controls protecting the State Department's
Passport Information Electronic Records System (PIERS), which contains records
on 192 million passports for 127 million people. An Inspector General's report was released in July and identified "many control
weaknesses" -- including a general lack of policies, procedures and
training for protecting passport data at the State Department. The report noted
that there were about 20,500 users with active PIERS accounts as of May, with
about 12,200 of them being employees or contractors at the department.
According to a
State Department spokeswoman, 383 records were illegally accessed by a State
Department employee. That worker has since been terminated, the spokeswoman
said. All of those who were affected by the incident have been notified by the
department and have been offered one year's worth of free credit monitoring.
The notifications were sent out in two batches, with the first set going out on
July 10 and the second on Oct. 6.
When asked how the
agency discovered the breach and why it took so long to notify affected
individuals, the spokeswoman cited a previous explanation of the events by Sean McCormack, another spokesman at the
agency. McCormack said the department learned of the breach at around the same
time the snooping incidents were disclosed publicly, but offered no further
details.
According to The Washington Post, the State
Department was tipped off to the intrusion in March by police officers in Washington
The driver of the
car, identified as Lt. Q. Harris Jr., told police that he was working with a
co-conspirator at the State Department and someone who worked for the U.S.
Postal Service, the Post reported. While awaiting trial, Harris was
killed about a month later in a shooting that his mother believes was directly
related to his involvement in the passport fraud case.
So far, the stolen
data doesn't appear to have been misused, the State Department spokeswoman
said. However, she noted that the investigation into the incident is ongoing
and did not rule out the possibility that more people could be affected.
Meanwhile, in
another embarrassment for the VA, one of its medical centers in Portland Ore.
The information
was inadvertently included in agency financial records that were transferred to
a the spokesman said.
The VA spokesman
declined to respond to Computerworld's request for comment.
For the VA, the
incident is only the latest in a string of embarrassing data breaches starting
with its loss -- and subsequent recovery -- of a laptop and storage disks
containing personal data on more than 26 million veterans in May 2006.
Just two weeks
ago, the agency suspended all shredding activity after a routine audit by its
inspector general found that several original copies of veterans' applications
for financial benefits were slated for shredding.
Last November, the
agency said it was investigating a potential data compromise involving about 12,000 veterans after three
computers holding the data were stolen from a VA facility in Indianapolis.
In August 2006,
the VA disclosed that Unisys Corp., a subcontractor hired to assist in
insurance collections for VA medical centers in Pittsburgh
О! Slo quiero decir lo que es un gran blog ha llegado hasta aqu! He estado alrededor durante bastante tiempo, pero finalmente decidi mostrar mi aprecio por vuestro trabajo! Pulgar hacia arriba, y mantenerlo en marcha!
Posted by: olimpiada Sochi | December 05, 2010 at 03:02 PM
IF ONE NANOSECOND EQUALS ONE BILLIONTH OF ONE SECOND, HOW MANY NANOSECONDS DID YOU WASTE READING THIS MESSAGE?
DIXIE J. BARBER
JACKSON, MISSISSIPPI
Posted by: DIXIE J. BARBER | November 30, 2008 at 07:41 PM