Defense Contractor Suffers Potential Data Breach

Defense contractor SAIC Inc. transmitted personal information about US Military personel over the internet without encrypting it first, according to the LA Times.

The possible security breach affects about 580,000 military personel and their families. The data included names, addresses, social security numbers, birth dates and “coded health information.”

“The security failure is completely unacceptable and occurred as a result of clear violations of SAIC’s strong internal IT security policies,” Chief Executive Ken Dahlberg said.

A number of employees have been put on administrative leave pending an investigation of how the breach occurred.

Security lapse threatens service members’ data [LA Times]


Edit Your Comment

  1. G-Dog says:

    I’m sure the actual breach went something like this:

    “Thank you for calling SAIC, this is Lindsey, how may I direct your call?”

    “Hello *sniker* my name is Leat Haquor *giggle* and I work with…um…Bob in IT. We’re doing TCPIP maintenance on the server, need to make sure your user name and password match with what we have *sniker*”

  2. banned says:

    The government should be banned from using computers altogether.

  3. ZekeSulastin says:

    @rocnrule: It is a private contractor, not the gov’t itself.

  4. zolielo says:

    Before I got into the line of work that I am in, I thought that it was foolish that personal data was ever lost but with a new perspective gained from experience I can not believe it is more prevalent.

    Much of the work that I do has to be done on site because of sensitivity and confidentiality but practically giving me some “homework” would really add in government response time.

    With the pressure to get the work done by the brass and by citizens, I can definitely see why some people take work home with them and inevitably have it compromised.

    As I do not want to shame my co-workers who shirk their work with my diligent labor and willingness to volunteer my time to help America, I have just been coming in a half hour early and staying a half hour late as to give the cause an extra hour on the down low. That is the only way to go about it as taking work home is asking for trouble…

  5. LTS! says:

    Might I introduce full disk encryption for those moments when you need to send stuff home.

    As far as this breach it fails to state how it was transmitted exactly. If this was from the internal SAIC network then perhaps they should not allow connections on unencrypted ports.

    Still, it was just a clear text transmission and the good news there is that unless someone was listening or logging the packets the risk is minimal, unlike having a hard drive stolen.