U.S. Service Personnel Data Stolen

BStrunk writes "I was reading the news this morning on Reuters, when I stumbled across this article: U.S. Service Personnel Personal Data Stolen In the article, an official violated policy by taking the detailed personal information of thousands of active and reserve troops to his personal home, storing it on a personal computer, that was later stolen. In an age where domestic phone calls are monitored, a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer? Doesn't that seem strange to you? This is a real failure, in my opinion, in government protection of its citizens. Layers of encryption and protected access was successfully bypassed to make the theft of this information as simple as stealing a home pc. Now, not only do service personnel currently serving have to worry about IEDs and being fired upon, but they are now subject to possible identity theft. A real failure. After this, how could one have faith enough to serve an inept institution?"

Conspiracy?

[neonprimetime]

The burglary from the employee's home in Aspen Hill, Maryland, involved a laptop computer with an external disk drive, officials have said.

2 things...
1.) Wouldn't stuff this sensitive be encrypted if it's sitting on an external disk drive?
2.) Is there some sort of conspiracy going on? With the terrorist arrests in California and Canada? Perhaps somebody is planning something big ... and it starts by gathering all the personally identifiable information they can get on us citizens? (first the vets data was stolen, now this) ... Maybe the US terrorist threat level should be raised to red!

Not a dupe!

[GundamFan]

It's not a Dupe... this is a diffrent theft, the origonal data stolen was from the V.A. database.

It just happened exactly the same way...

I guess Slashdot can't help if the news is repetative.

Re:Once again. . .

[jsnipy]

(most)Army civ employees are crap ... they make all contractors feel like cinderella (or cindarellus) for doing all of the work they [can't]/[won't]/[incapable of doing] while they rot on the vine. Tons of tax $$$$ could be saved by cutting these leechy turds loose.

Publish the SSNs !

[GlobalEcho]

I know that in this case more than social security numbers were taken. But this is a good spot to say that I would like the US government to publish, for free download, a list of all issued SSNs and their associated names. Then the banks, insurance companies, universities and so on will have to stop pretending the damn things are secret.

The news worse then the incident

[Momoru]

Someone stole a laptop. It would be wiped and sold on the street. 99% chance no one would be the wiser, the thief didn't know what he had. Now news comes out that there could be a laptop with tons of valuable info...thiefs all now look to see if they have the golden laptop! Another case where the news of the incident makes the problem worse. Lets make a big deal of this when someone actually knows they have this data and uses it for ill intent.

This makes me suspicious it was an inside job

[spun]

This was different data, on the same damn laptop. I think the guy was in on it. Nothing else was stolen, just his laptop, which, oopsie! had not one but two sets of valuable data which were not supposed to be on it. Here's what I think went down:

Dude had some bad debts to some bad men. Said bad men approached him with a way he could pay them off. Just get data for ID theft on his laptop then leave it in his house and they would make it look like a burglary. Dude does so, and reports laptop stolen, but not the data on it. Later, after other Bad Dudes are off his back, dude has a change of heart and admits the data was on the laptop.

I know, never ascribe to malice or greed what can adequately be ascribed to incompetence, but I think the facts in this case are pretty damn fishy.

Re:Official Use Only Information

[cyclone96]

Government control of this sort of information can often be very poor, because there are not business or contractual ramifications.

I work for the federal government, and I often travel overseas with a government owned laptop. That laptop usually has export controlled (but unclassified) information on it.

Whenever I do this I have to fill out many forms documenting exactly what is on that laptop. When I asked why, it was "so we know what was on it if you loose it - that would technically be an export, and we need to document it".

OK - so I point out that we ought to encrypt the data (which is quite easy) so we don't even have to bother with that and not worry about it being exported.

Blank stare, and then a "Please just fill out the forms". I could mail the laptop to China and they probably wouldn't care, as long as the SF8574 is on file at the export control office.

Now, on the other hand I know for a fact that if one of our contractors would lose that same data, there would be hell to pay - not from the government directly, but his own company which has been penalized heavily on other contracts for mishandling information. They have built a culture of sensitivity to information that should be protected. In the government, I really only detect that when dealing with classified data (which can have big time personal ramifications if mishandled).

Re:Excuse me?

[The Good Reverend]

This isn't a failure of the US Army as a whole, but it was due to the indiscretionary act of one person.

If one person can do this kind of damage, then the problem is with the system, not just that person.