CONSUMER NEWS RECALLS COMPLAINT FORM SCAM ALERTS

Small Claims Guide \| Class Actions \| Lemon Law \| FAQ \| Resources \| Newsletters \| Spanish
Automotive Education Electronics Family Finance Health Homeowners Shopping Travel

Government Data Losses Widespread

Every Agency and Department Has Lost Private Citizens' Data

By Martin H. Bosworth
ConsumerAffairs.com

October 17, 2006

Data Theft
• Bank Data Breach Affects 12.5 Million Consumers
• Data Breaches Exceed 2007 Record
• Thieves Steal AT&T Laptop with Employee Data
• Report: Data Breach Disclosure Laws Don't Affect Identity Theft
• Patient Information Exposed in Data Breach at Walter Reed
• Supermarket Chain Reports Data Breach
• Report: Feds Still Not Doing Enough To Secure Data
• Data Thieves Hit Georgetown University Students, Faculty
• 800,000 Job Seekers At Risk In Gap Data Breach
• TJX Data Breach Settlement Has Strings Attached
• More ...

A new Congressional report reveals that the government's data security troubles are worse than previously reported, and that every agency or department has suffered a breach of some kind.

The House Committee on Government Reform commissioned a report asking for information on every breach of data security the government has suffered since Jan. 1, 2003.

The completed report contained 788 incidents of data loss or theft; the dubious honor of most individual incidents went to the Treasury Department, with 340 separate cases of data breaches in the past three years.

The Committee blasted government agencies for not keeping track of data thefts or even knowing what information was lost much of the time.

"In many cases, agencies do not know what information they have, who has access to the information, and what devices containing information have been lost, stolen, or misplaced," the report said.

"In addition, in almost all of the reported cases, Congress and the public would not have learned of each event unless the Committee had requested this information."

The Committee gave the government a mark of "D+" for its yearly information security reports, saying that many agency scores remained low or decreased "precipitously" through 2006.

The report found that the majority of data breaches came from the loss or theft of equipment containing personal data, such as laptop and desktop computers, or personal storage devices.

Outside attacks by hackers or incidents of accidental posting of private data were less common, but contributed to the remainder of total data breach incidents over the three-year-period.

Third-party private contractors took much of the blame for incidents of data loss, as many of the government's information technology functions have been outsourced to outside companies.

The instances of data theft compiled in the report include the following:

• A contractor working for the Department of Education's Federal Student Aid program lost a package containing personal information on over 8,000 borrowers, when it elected to ship the data via commercial transit. The Department never notified any of the borrowers that the loss occurred.

• A contractor employed by the Department of Homeland Security's Citizenship and Immigration Services (CIS) division left boxes of documents containing sensitive personal information by a dumpster. The documents contained Social Security numbers, completed I-9 forms, and other personally identifying data.

• The Centers for Medicare and Medicaid Services (CMS) reported the loss of a laptop containing personal and medical data on nearly 50,000 Medicare beneficiaries in June 2006, when it was stolen from an employee of a contracting agency working for CMS.

The report was commissioned after the loss of a laptop containing 26.5 million veterans' personal records from the home of an analyst who worked for the Veterans' Administration. The theft remains the benchmark for government-related data breaches, and agencies have scrambled to put new safeguards on access to and storage of data since the theft.

Other examples of recent data breaches from government agencies include the temporary exposure of personal information for 21,000 student loan borrowers on a Web site run by the Department of Education.

Rep. Tom Davis (R-Va.), chairman of the Government Reform Committee, recently authored a bill that would supposedly do more to improve data security practices and enforce better control of equipment. The bill was roundly criticized for not offering much in the way of substantial plans beyond "instituting procedures" in the event of a data breach.

The complete text of the report is available online (.pdf file).

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

September 8 2008

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F
Sign up now!

Consumer News & Alerts
Every Sunday
Sign up now!

Knowledge is free.
Knowledge is power.

Back to the top |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.