John Edwards on September 4, 2007

A report released late last year by the House Committee on Government Reform paints a frightening picture of the lackadaisical approach many government agencies and employees take toward sensitive data. The report, which detailed every data breach the government has suffered since the beginning of 2003, listed 788 incidents of data loss or theft, including taxpayer names, addresses, Social Security numbers, nuclear secrets and various other bits of vital information.

           Related Articles:

• Top 10 U.S. Government Web Break-ins of All Time
• IT Security Email Security Comparison Guide
• Personal Firewalls: Boon or Bane to IT?
• Definitive Guide to Network Security

Some highlights:

• On February 28, 2006, a U.S. Department of Labor laptop containing personal information on 1,137 individuals was lost by an employee conducting an investigation of potential civil and criminal violations. The laptop held the Social Security numbers of about half — 570 — of these individuals.
• On May 8, 2006, a data-backup tape containing veteran and Veteran Affairs employee case-tracking information on 7,579 individuals was reported missing.
• On June 3, 2006, three systems were compromised, potentially making available the names, Social Security numbers and photos of 26,000 U.S. Department of Agriculture employees, contractors and retirees.
• On June 13, 2006, personal information affecting an unknown number of individuals was mistakenly faxed by the OPM (Office of Personnel Management) to another government agency. OPM does not believe the information was compromised because the recipient promptly destroyed it upon receipt. In response to the incident, the department responsible for the incident reminded the staff to be more cautious when sending faxes.
• On June 25, 2006, a CD containing 30,000 veterans' names and addresses was lost by a U.S. Government Printing Office subcontractor.
• On July 1, 2006, the U.S. Department of Commerce learned that a former employee had copied sensitive letters and a database of employee information. The documents contained medical information on 51 employees, including names, home addresses, descriptions of issues, and employees’ medical diagnoses and prognoses. The database included information about 883 cases involving current and former employees.
• In August 2006, the Office of Inspector General at the U.S. Department of Transportation lost two laptops containing information on more than 133,000 people.

As if all of these incidents weren't enough, even more frightening is the fact that the government continues to misplace critical data. In late May, according to a Newsweek magazine report, a staffer at the Los Alamos Nuclear Laboratory took his lab laptop — which contained sensitive government documents — on a vacation to Ireland. The system was stolen from a hotel room and has not yet been recovered. The following month, a Los Alamos scientist involved in weapons-design research sent an email to colleagues at a Nevada nuclear test site. The message, containing highly classified material, was transmitted over the open Internet rather than through the secure defense network, according to Newsweek magazine.

Even more recent: Over the past few months, a huge identity-theft hack lifted the personal information of 146,000 people who use USAJobs, the federal government's official job search site. This was part of an even larger hack that stole even more data from the jobs site Monster. Unlike the Monster part of the hack, it seems that no Social Security numbers were taken in the USAJobs hack.

If these incidents disturb you and make you wonder if the government can be trusted with data any more sensitive than a Philadelphia Eagles football schedule, you're not alone. "Data held by federal agencies remains at risk," noted the House Committee's report. "In many cases, agencies do not know what information they have, who has access to the information and what devices containing information have been lost, stolen or misplaced."

Related Articles:

Top 10 U.S. Government Web Break-ins of All Time

IT Security Email Security Comparison Guide

Personal Firewalls: Boon or Bane to IT?

Definitive Guide to Network Security