BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

OT? US Gov cyber insecurity incidents

From: Al Mac <macwheel99 () sigecom net>
Date: Mon, 07 May 2007 23:07:53 -0500
Here's the report card (PDF) that The House Committee on Oversight and 
Government Reform issues each year on cyber security at various government 
agencies.
http://republicans.oversight.house.gov/Media/PDFs/FY06FISMA.pdf

In the wake of the VA incident, The House Committee on Oversight and 
Government Reform asked all federal agencies for details on any other 
incidents involving loss of personal sensitive information.  They learned 
about 788 incidents Jan 2003-July 2006.  By my math, that's more than one 
every other day on average.

I saw an article about this & went hunting for original source (url below).
Well looks like this data was gathered about a year ago, but then in some 
cases more info came out that showed the data was incomplete.

Every federal angency has computer security breaches.
They do not always know what data has been lost.

The vast majority of the breaches are the loss of hardware, such as theft 
of laptops.
Many of the breaches are by private contractors.

Dept of Agriculture 8 incidents
Dept of Commerce 297 incidents
Dept of Defence 43 incidents
Dept of Education 41 incidents
Dept of Energy 7 incidents
Dept of Health & Human Services 24 incidents

Dept of Homeland Security 6 incidents but the committee continues to ask 
hard questions 
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36&rss=Y#sID202

Dept of Housing and Urban Development 1 incident
Dept of Interior 8 incidents
Dept of Justice 2 incidents
Dept of Labor 3 incidents

Dept of State 1 incident but got grade F for cyber security from House 
Commitee on Oversight etc. 
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1251763,00.html 


Dept of Transportation 1 incident ... a subsequent FOIA inquiry found out a 
ton of other incidents

Dept of Treasury 340 incidents
Dept of Veteran Affairs ... hundreds of incidents
Office of Personnel Management 3 incidents
Social Security Administration 3 incidents

example incidents are given on each agency

http://209.85.165.104/search?q=cache:etHfNZnxgEUJ:oversight.house.gov/Documents/20061013145352-82231.pdf+Oversight+Reform+compromise+sensitive&hl=en&ct=clnk&cd=2&gl=us

Systemic failure at the White House protecting classified information..
http://oversight.house.gov/story.asp?ID=1264


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 649 incidents over 7 years.
Previous By Date Next
Previous By Thread Next

Current thread: