Probe Targets Archives' Handling of Data on 70 Million Vets

[lyger <lyger () attrition org>]

http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/

The inspector general of the National Archives and Records Administration 
is investigating a potential data breach affecting tens of millions of 
records about U.S. military veterans, Wired.com has learned. The issue 
involves a defective hard drive the agency sent back to its vendor for 
repair and recycling without first destroying the data.

The hard drive helped power eVetRecs, the system veterans use to request 
copies of their health records and discharge papers. When the drive failed 
in November of last year, the agency returned the drive to GMRI, the 
contractor that sold it to them, for repair. GMRI determined it couldn.t 
be fixed, and ultimately passed it to another firm to be recycled.

The incident was reported to NARA's inspector general by Hank Bellomy, a 
NARA IT manager, who charges that the move put 70 million veterans at risk 
of identity theft, and that NARA's practice of returning hard drives 
unsanitized was symptomatic of an irresponsible security mindset 
unbecoming to America's record-keeping agency.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php