washingtonpost.com
NEWS | LOCAL | POLITICS | SPORTS | OPINIONS | BUSINESS | ARTS & LIVING | GOING OUT GUIDE | JOBS | CARS | REAL ESTATE |SHOPPING
Loss of Personal Data at Federal Agencies Is Widespread

Monday, October 16, 2006

Federal workers at 19 agencies have lost personal information affecting thousands of employees and the public. Most of the data were lost or stolen. In a few cases, it was accessed by computer hackers, according to a report released Friday by the House Government Reform Committee.

In all, the committee reported 788 incidents involving the loss or compromise of sensitive information since Jan. 1, 2003. That was in addition to the "hundreds of security and privacy incidents" at the Department of Veterans Affairs.

"Data loss is a government-wide occurrence," the report said. "The vast majority of data losses arose from physical thefts of portable computers, drives and disks or unauthorized use of data by employees."

The committee asked all Cabinet agencies, the Office of Personnel Management and the Social Security Administration to report all losses of sensitive personal information since January 2003. The request came after a laptop with information for more than 26.5 million military personnel was stolen from a VA employee in May. The laptop was recovered, and the FBI said personal data had not been copied.

In many of the newly reported cases, agencies do not know the extent of the losses, the report said.

The Treasury Department reported the most incidents -- 340 -- including one in 2005 in which an IRS employee reported a missing computer drive a month after he had last seen it.

The Commerce Department reported 297 incidents since January 2003. But in another report in September, the department acknowledged losing 1,137 laptops since 2001; most had been used by the Census Bureau.

Other security breaches cited in the report:

· In August, a laptop containing personal information on 30,000 applicants, prospects and recruiters fell off a motorcycle driven by a Navy recruiter and was picked up by someone.

· In 2004, a federal student-aid contractor used a commercial shipper to send information on 8,290 borrowers. The package was lost in transit.

· A computer hacker used "malicious software" to access files containing personal information on 1,717 employees of the National Nuclear Security Administration in 2005.

· Two employees of a contractor for the Centers for Medicare and Medicaid Services stole records containing information on 1,574 Medicare beneficiaries "for the purpose of identity theft" in 2005.

· A company that issues charge cards for the Interior Department lost data tapes containing information on 61,000 cardholders in 2005.

· In July, six Justice Department employees submitted computerized attendance reports containing Social Security numbers. The reports were downloaded 220 times and viewed 7,772 times.

-- Associated Press

View all comments that have been posted about this article.

© 2006 The Washington Post Company