10,501 USAF members informed of missing laptop
Technorati Tag: Security Breach
Date Reported:
12/28/07
Organization:
United States Air Force (USAF)
Contractor/Consultant/Branch:
None
Victims:
Active-duty and retired veterans
Number Affected:
10,501
Types of Data:
Names, addresses, Social Security numbers, dates of birth, and telephone numbers.
Breach Description:
A laptop containing sensitive personal information belonging to active-duty and retired members of the United States Air Force has been reported missing from the home of a USAF band member at Bolling Air Force Base in Washington, D.C. The laptop has been missing since November 19, 2007.
Reference URL:
WSFA Channel 12 News Story(Original)
WSFA Channel 12 News Story(Updated)
Report Credit:
WSFA Channel 12 News
Response:
From the online sources cited above:
Air Force Officials contacted WSFA 12 News telling us the personal information of 10,501 people are on a missing military computer.
a military laptop computer is missing and it contains personal information including social security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members.
The laptop belonged to an Air Force band member at Bolling Air Force Base in Washington D.C.
[Evan] I had to read this twice. A member of the Air Force band was permitted to take personal information home on a laptop?
He reported it missing from his home.
the laptop turned up missing November 19, according to the Air Force. It didn't send out the letter until nearly a month later.
Air Force officials say because the laptop was under strict access control they do not believe the information could be taken.
[Evan] Obviously the laptop is not under strict access control or it wouldn't be missing!
They add the Air Force is reviewing its policies and practices to determine what might need to change to prevent a similar situation in the future.
[Evan] Hey, I have a couple of ideas!
The Air Force tells WSFA 12 News it was intended to be used for an Air Force Band Historical Documentation.
[Evan] What kind of historical documentation requires Social Security numbers be taken home on a laptop?
Victim Reaction from J.J. Evans, a 24 year USAF veteran:
"When you trust someone with that, you expect better."
"When someone gets a hold of a computer, they can wreck things,"
"It's in the best interests of businesses and the government to know as much about us as possible. If a few people get compromised along the way, oh well; it's the cost of doing business,"
[Evan] I can see this logic. Actions by organizations seem to support it. Until people take a stand against it, this is also business as usual.
Commentary:
I am assuming that the laptop in this breach was not encrypted, otherwise it would have been mentioned. It seems really suspicious to me that a band member would need access to Social Security numbers in the first place. To be allowed to copy the information to a laptop and take it home without further restriction (i.e. encryption) is nuts.
A business analogy for this breach might be a member of Research & Development (R&D) being given an HR file so that he/she can keep track of who worked within the department in the past. Social Security numbers would definitely be required!
Past Breaches:
Unknown
Date Reported:12/28/07
Organization:
United States Air Force (USAF)
Contractor/Consultant/Branch:
None
Victims:
Active-duty and retired veterans
Number Affected:
10,501
Types of Data:
Names, addresses, Social Security numbers, dates of birth, and telephone numbers.
Breach Description:
A laptop containing sensitive personal information belonging to active-duty and retired members of the United States Air Force has been reported missing from the home of a USAF band member at Bolling Air Force Base in Washington, D.C. The laptop has been missing since November 19, 2007.
Reference URL:
WSFA Channel 12 News Story(Original)
WSFA Channel 12 News Story(Updated)
Report Credit:
WSFA Channel 12 News
Response:
From the online sources cited above:
Air Force Officials contacted WSFA 12 News telling us the personal information of 10,501 people are on a missing military computer.
a military laptop computer is missing and it contains personal information including social security numbers, birth dates, addresses, and telephone numbers of active and retired Air Force members.
The laptop belonged to an Air Force band member at Bolling Air Force Base in Washington D.C.
[Evan] I had to read this twice. A member of the Air Force band was permitted to take personal information home on a laptop?
He reported it missing from his home.
the laptop turned up missing November 19, according to the Air Force. It didn't send out the letter until nearly a month later.
Air Force officials say because the laptop was under strict access control they do not believe the information could be taken.
[Evan] Obviously the laptop is not under strict access control or it wouldn't be missing!
They add the Air Force is reviewing its policies and practices to determine what might need to change to prevent a similar situation in the future.
[Evan] Hey, I have a couple of ideas!
The Air Force tells WSFA 12 News it was intended to be used for an Air Force Band Historical Documentation.
[Evan] What kind of historical documentation requires Social Security numbers be taken home on a laptop?
Victim Reaction from J.J. Evans, a 24 year USAF veteran:
"When you trust someone with that, you expect better."
"When someone gets a hold of a computer, they can wreck things,"
"It's in the best interests of businesses and the government to know as much about us as possible. If a few people get compromised along the way, oh well; it's the cost of doing business,"
[Evan] I can see this logic. Actions by organizations seem to support it. Until people take a stand against it, this is also business as usual.
Commentary:
I am assuming that the laptop in this breach was not encrypted, otherwise it would have been mentioned. It seems really suspicious to me that a band member would need access to Social Security numbers in the first place. To be allowed to copy the information to a laptop and take it home without further restriction (i.e. encryption) is nuts.
A business analogy for this breach might be a member of Research & Development (R&D) being given an HR file so that he/she can keep track of who worked within the department in the past. Social Security numbers would definitely be required!
Past Breaches:
Unknown
Posts Atom 1.0
A laptop containing sensitive personal information belonging to active-duty and retired members of the United States Air Force has been reported missing from the home of a USAF band member at Bolling Air Force Base in Washington, D.C. Thanks for the descriptions.
Reply to this
"Strict access control" means encrypted requiring a personal access ID card. From a story in AF Times.
Reply to this