Lost hard drive and other government data blunders
- 21 May, 2009 10:16
The U.S. government says it's lost — yes, lost — an entire hard drive full of sensitive data. The external drive, stored at the U.S. National Archives and Records Administration, held personal data from the Clinton era, including information about White House staff and visitors and electronic storage tapes from the Executive Office of the President.
Unfortunately, this isn't the first flub-up we've seen when it comes to seemingly dumb data mistakes by major government agencies. In fact, there have been several winners since just last year. Here, then, are our top four government data blunders of recent months, starting with this week's National Archives revelation.
4. The National Archives' Hard Drive Disappearance
The National Archives' hard drive contained an "as yet unknown" amount of data, the office says. Home addresses and Social Security numbers are believed to be a part of the information. Some reports even suggest personal details about one of Al Gore's daughters could be included, as could details about Secret Service security procedures used during the Clinton years.
The thing's apparently been missing since April, even though it was just announced today. Most flummoxing, though, is the fact that quoted officials say it may have been "accidentally misplaced." Right — because a government hard drive with this type of data doesn't deserve, I don't know, maybe just an extra shred of caution when it comes to its handling.
Welcome to the list, National Archives.
3. The TSA's Lost-Then-Found Fumble
The Transportation Security Administration: protectors of our skies; guard gates of our... well, gates. Surely, an agency charged with keeping airports safe would know a thing or two about security. Right?
Not necessarily. Time to rewind back to last summer, when the TSA announced one of its checkpoint laptops from the San Francisco airport was missing. The PC was used to control a "fast-pass" security prescreening program and held unencrypted personal info on 33,000 passengers.
The media was notified, a full investigation was launched, and the prescreening program was sent into partial lockdown. A week later, the TSA found the laptop — wait for it — in its own office. Top-notch.
The TSA also, by the way, lost an external hard drive with employee data in 2007 and "maybe" mailed about 1,200 former workers' Social Security numbers and birth dates to random people a year before that.
2. The U.S. Military's eBay Embarrassment
MEMO: Do not sell old hard drives containing sensitive military information on eBay. *
* What a U.S. military contractor evidently forgot to send out.
Throw this one into the "how not to manage security" file: Just this month, security researchers announced they'd located launch procedures for a U.S. missile air defense system on a hard drive bought off eBay. The drive, reports indicated, had detailed information about a system used to shoot down missiles in Iraq, along with security policies, facility blueprints, and the always popular list of employee Social Security numbers.
The drive has been tied to Lockheed Martin, which developed the aforementioned defense system. In its defense, though, other drives bought off eBay in the same sweep were found to contain bank medical records, business plans, and detailed information about bank accounts, among other things. So at least it has some company in the "d'oh!" department.
1. The U.K.'s Vanishing Disks. And Hard Drives. And Memory Sticks. And Computers.
Impressive as those feats are, there's little question the U.K. takes the cake when it comes to dumb data mistakes over the past months. The nation's top government number crunchers probably can't even keep count of stupid slip-ups that have plagued various agencies. There were the lost laptops (45,000 citizens' information exposed; 30,000 of them never notified), the lost CDs (3,000 workers' data disappeared; information all unencrypted), the lost drivers' data (3 million Department of Transport files misplaced), the lost military laptop (620,000 recruits' info exposed), and the lost prison system memory stick (84,000 prisoners' information set free). And that's just the tip of the idiotic iceberg.
The BBC estimates the U.K. government fumbled about 4 million people's personal information within a single year, from mid-2007 to mid-2008. It's not just the small stuff, either: The government apparently was losing computers at a rate of one PC per week for a while, too, some analyses suggested.
Not that anyone's counting. Quite obviously.