YOU ARE HERE: LAT HomeCollections


Millions Affected by Breached Federal Data

A House report deems the incidence of lost or stolen information more pervasive than thought. Most cases are outright theft, it says.

October 14, 2006|Moises Mendoza | Times Staff Writer

WASHINGTON — Incidents of lost or stolen personal data at federal government agencies are more widespread than previously thought, affecting all 19 federal departments and millions of citizens since 2003, according to a congressional report released Friday.

Most of the nearly 800 incidents of data losses have never been publicly reported. The "vast majority" were not accidental misplacements, but rather outright thefts of computers or data disks containing sensitive information such as Social Security numbers. In some cases the data were used inappropriately by employees and private contractors, the report said.

The House Government Reform Committee began investigating data losses after several high-profile security breaches, including the theft in May from an employee's home of a Veterans Affairs laptop containing the personal data of more than 26 million veterans.

Since then, several other agencies, including the Social Security Administration, the Internal Revenue Service and the Department of Health and Human Services, have revealed security breaches that affected thousands more individuals.

The report found that agencies are often slow to realize that data thefts have taken place or how many people were affected by the breaches. And it was unclear how often they have informed citizens that their data might have been compromised, the report added.

Committee member Henry A. Waxman (D-Los Angeles) said federal agencies were losing too much information and suffering too many breaches.

"Americans expect their private information to be protected," Waxman said in a statement. "But the reality is that federal security systems remain far too vulnerable."

According to the report, recent incidents included:

* The loss in March of a Defense Department portable data drive that included personnel records of more than 200,000 Marines who served from 2001 to 2005. The report said the department sent a notification letter to the Marine Cops and the affected Marines.

* The loss of a Department of Education magnetic tape containing the personal information of more than 11,000 student loan borrowers.

* An unauthorized breach of an Air Force database compromising personal data of more than 30,000 members of the military.

Other incidents of data loss were reported to the committee by the departments of Housing and Urban Development, Transportation, State, Treasury, Commerce and Veterans Affairs.

The Commerce Department, for example, reported 214 incidents of lost or stolen computers at the Census Bureau. Veterans Affairs officials reported their data on two large spreadsheets covering hundreds of security and privacy breaches, the report said.

In most cases, the report said, there was little evidence that thieves used the data to steal people's identities. However, the report did cite one identity theft scheme last year by a Health and Human Services contractor that affected more than 1,500 people.

A few incidents have involved hackers looking to use citizens' personal data for illegal purposes, the report said.

Los Angeles Times Articles