Secret Service launches investigation into 'immense' security breach as computer files left on metro

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/9732223/Secret-Service-launches-investigation-into-immense-security-breach-as-computer-files-left-on-metro.html

The worker was taking the sensitive material from the Secret Service
HQ in Washington to an off-site facility but left them on the train
when he got off.

The tapes contained backup case file information as well as extremely
personal data about employees, including dates of birth and addresses.

Adding to the embarrassment is that the tapes had only "very basic
encryption", meaning that they could easily be hacked.

The embarrassing incident came to light during the "Culture of Secret
Service" investigation, which was launched after the Colombian
prostitute scandal in April.

The Department of Homeland Security Office of Inspector General is
carrying out 13 separate probes into the Secret Service, whose agents
guard the president.

The data loss happened in 2008 when a contract employee working for a
firm which had been hired to transport the tapes volunteered to take
them to the vault in Olney, Maryland as he lived nearby.

When he realised his error, the Secret Service notified transit police
and the Department of Homeland Security, but they were unable to
locate the tapes.

According to Fox News, which first reported the incident, they
contained "personally identifiable information" on employees including
phone numbers, bank account numbers, passport numbers and biometric
information. They also contained backups of a "mishmash of everything"
from computers at Secret Service HQ.

The incident is the second time in eight months the Secret Service has
been embarrassed by its own staff.

In April, 12 agents were put under investigation for using prostitutes
in Cartegena, Columbia, on the eve of President Barack Obama's
official visit – in the very hotel where he was staying.

Eight resigned from their posts whilst the others were cleared of
"serious misconduct", prompting the President to brand them
"knuckleheads".

Amid the fallout, former Secret Service agents and commentators agreed
that it was the worst scandal to hit the organisation in decades.

In a statement, Secret Service spokesman Ed Donovan said: "In February
of 2008, a contract employee whose function was to maintain, secure
and transport this type of information lost two 'backup' tapes on the
DC Metro while transporting them to an off-site facility.

"These backup tapes were not marked or identified in any way and were
protected by multiple layers of security.

"They could not be accessed without the proper equipment, applications
and encoding."

However, another source contradicted this and told Fox News: "It was
very basic encryption. Let's just say it wouldn't take a genius to
crack it."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.