Tuesday, October 06, 2009

Psst! - 70 million US Vets are in the Same Boat as Navy Counterparts


October 05, 2009 - A Wired article claims a defective hard drive supporting the eVetRecs program (system for veterans to obtain copies of health and discharge records), was returned by the U.S. National Archives and Records Administration to GMRI for repair. GMRI determined the drive irrepairable and sent it to Sims Recycling Solutions to be recycled.

The problem? The hard drive's data (millions of names and social security numbers) was never deleted nor destroyed [color added]:


"This is the single largest release of personally identifiable information by the government ever,” Hank Bellomy, a NARA IT manager, told Wired.com. “When the USDA did the same thing, they provided credit monitoring for all their employees. We leaked 70 million records, and no one has heard a word of it.

Consultant Robert Siciliano observed that the hard drive should have never left the facility. “A $2,000 hard drive with millions of social security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The ‘loss' of data like this can cost a government agency or corporation millions to respond to the breach. The Pentagon requires that old or defective drives be de-magnified or destroyed.“ With this data, a thief can open a new account such as a credit card and have the card sent to a different address.

Identity theft fraud destroys victims' credit and often becomes a long, messy clean-up process.

But wait, it gets worse! We must guess where the offshore recycling outfit was.

Conveniently, “NARA does not believe that a breach of PII (personally identifiable information) occurred, and therefore does not believe that notification is necessary or appropriate at this time,” NARA told Wired.com in an e-mailed background paper (pdf).

In case you missed the CBS 60 Minutes story about exports of US electronic scrap to developing countries, here are a few troubling aspects in just 42 seconds.








Labels:

0 Comments:

Post a Comment

<< Home

|