Posted on 06/23/2006 8:59:49 PM PDT by Libloather
Sailors' Social Security nos. on Web site
By LOLITA C. BALDOR, Associated Press Writer
55 minutes ago
Sailors man the rails as the amphibious transport dock USS Nashville (LPD 13), an element of the amphibious assault ship USS Iwo Jima Expeditionary Strike Group (ESG), departs Naval Station Norfolk in Norfolk, Virginia, June 6, 2006. Personal data on 28,000 U.S. sailors and their families appeared on a public Web site this week, the Navy said on Friday, marking the latest in a string of data breaches involving American military personnel. (Matthew Bookwalter/U.S. Navy/Handout/Reuters)
WASHINGTON - The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian Web site.
The Navy said Friday the information was in five documents and included people's names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the Web site or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.
Cole said there was no indication so far that the information was used illegally, but individuals involved were being contacted and encouraged to monitor their bank accounts and credit cards.
Meanwhile, the General Accountability Office said it removed archival records from its Website this week containing some personal identifying information of fewer than 1,000 government workers. The data included some individual names and Social Security numbers.
The breach regarding the Navy comes amid a rash of government computer data thefts, including one at the Agriculture Department earlier this week in which a hacker may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.
As many as 26.5 million veterans and current military troops may have been affected by the theft of a laptop computer containing their Social Security numbers and birth dates. The computer was taken from the home of a Veterans Affairs Department employee in early May, and officials waited nearly three weeks before notifying veterans on May 22 of the theft.
As many as a half dozen federal agencies have been affected by computer data losses in recent months.
In a letter Friday to Defense Secretary Donald H. Rumsfeld, one member of Congress asked for details on the Navy incident, and questioned whether the Defense Department will make sure a free credit help is provided for those affected.
U.S. Rep. Edward Markey, D-Mass., said he had asked Rumsfeld two years ago about the implications of federal agencies outsourcing data collection and processing activities. While there is no indication that outsourcing was the problem in the Navy case, Markey said he wants to know what effect that would have on the security of information on military personnel.
The Naval Criminal Investigative Service is investigating the breach. The initial discovery was made by the Navy Cyber Defense Operations Command, which routinely monitors the Internet for such problems.
The Navy said individuals can place a 90-day fraud alert on their credit reports, and provided information on companies to contact. Cole said there has been no decision made yet on whether the Navy will pay for credit monitoring.
Information on how to watch for suspicious activity can be found at the Navy Personnel Command's Web site, http://www.npc.navy.mil.
Does it strike anyone as strange that until a year ago you never hear about this. Now in the last 2 months there have been at least 8 different incidents of private information appearing on the internet or stolen on laptops.
Is this part of Jihad?
he had asked Rumsfeld two years ago about the implications of federal agencies outsourcing data collection and processing activities
If they can't protect the data it needs to be brought back in-house. Our servicemen and women deserve better than that.
This crap is treasonous. Some bureaucrats must go to jail.
Ping
Reson number two that social security needs to be ablolished. The use of the SSN for identity is not only immoral, but until fairly recently illegal. Does anyone here still have an older SSN card that has the words "not to be used for identity" on it?
I also think that the Income Tax is unconstitutional and immoral. We really need to pressure our representatives to do what's right for us, their conservative right (and mean that in the correct sense) thinking constituents.
This sounds a lot to me like infiltration. Sophisticated. PRC Chinese?
What father names his daughter Lolita?
My guess, this is mostly HIPAA related. HIPPA federal regulations require that banking, insurance and healthcare (maybe others) ensure that No Personal Data is available to ANYONE wihtout "need to know" status. It has been a pain in the A$$ for businesses to meet the regulation requirements. However, this incident is just the type of thing that makes HIPAA worth-while. Take the stolen VA lap-top problem...years ago, before HIPAA compliance requirements, you would have never even known about someone taking your personal data home for work, let alone that their laptop (disks, CDs, etc) may have been stolen. I'm not for big government, but HIPAA regulations in general are a good thing.
You took the words out of my mouth.
But to bring it back inhouse, they will have to recreate what they used to have...those employees are gone with the wind.
Computer tech stuff got centralized, competitive sourced out, and is done for the government by private contractors for the most part any more.
It's not the bureaucrats who are supplying the security. Companies bid on this stuff.
It's not just military, though. I rec'd notice from my bank a few months ago that there was a security breach. My husband, who already had the vet breach going on, rec'd an email the other day saying there had been a breach of NYS employees' personal info. Not him, thankfully.
Government work needs to be outsourced (to US contractors) until it can fix its own problems. I have been on both sides of the fence. Medicare is a perfect example of FUBAR processes.
Wasn't that long ago that a whole lot of government issue credit card numbers were compromised because of lost data disks....by the issuing bank.
This situation IS the result of government outsourcing to private contractors. They're the ones who have been in charge of computer security now for awhile now. And it's sloppy. And it can take six or eight weeks to get your computer fixed if it gets a virus.
I had already been the victim of credit theft from 1999 when there were several different rings at NAS Oceana using names and SSN's to get fraudulent credit. Unfortunately, you can't take a leak in the military without using your SSN.
I understand that, but it is an unacceptable cop out to hold private contractors directly liable. Mid-level bureaucrats set up the outsourcing and I assume some mid level bureaucrat is responsible for oversight. That is the problem with our incompetent government, they pass laws that they do not have the moral will to enforce and they establish programs that they do not have the will or competence to oversee.
Wasn't that long ago that a whole lot of government issue credit card numbers were compromised because of lost data disks....by the issuing bank.
Perhaps you are correct. Not outsourcesing is the ultimate answer. But, like I said, feederal agencies are not yet capable of handeling the demand that are NOW. It would be ideal to have everything internal. Unfortunately, change in a federal agency requires time.
Sorry about the typos...I am not a great typist and its late for me.
There are very few mid-levels left who know technical stuff. And because they centralized, you went from agencies who had knowledgable people on staff who knew what was going on, to centralized groups thrown together, who might not know this from that, and the most knowledgable usually had their job positions eliminated, because this was now the job of the private sector contractor.
So you have non-technical upper level management making decisions not based on technical savvy, without knowing the intricacies, overseeing companies who are trying to get by with just enough so it keeps their costs down, and who have very little vested sense of loyalty; the management in charge have little idea what CAN go wrong, and the person who could have told them that when the outlines of the contract were put out no longer works for the agency, and is doing something else with his time.
And to fix it all, through trial and error is going to cost the taxpayers more in the long run, because once the department in an agency is disbanded, well, there's no going back, and the next time the contract is up for bid, the costs will go up because they will have added X, Y, and Z to it (which is because of the mistakes on the first contract), and you will still have the contracts being serviced by people who don't have any sense of loyalty to the agency, and don't really care, and more and more of the few people on board who actually know something and could tell you want was needed or how to deal with problem y are retiring or their positions are being eliminated, and thus management gets blamed.
Diseconomies of scale.
And because of the outsourcing, there are almost no middle-level people coming up through the ranks to replace the upper middle people who will be retiring.
This is just starting to happen.
You might not realize something is wrong until something happens, like a bad wildfire season, where there are not enough management teams to go around.
It will have at least some repercussions.
Three or four years ago they could have done it.
But now the situation is going to be messy, because they've lost too much infrastructure.
But I am reminded about a story about a military base. They had contracted a company to clear the streets when it snowed at this particular base.
One day, it snowed on a Sunday. The general, getting impatient for the snow plows to hit the streets called the contractor.
It wasn't written in the contract for them to work on Sunday.
They did not get their contract renewed.
I know what you mean. I'm a net admin at a hospital, and before we do the most trivial thing we ask, "what would HIPAA do" lol. I spent 2 months doing analysis of internal wire traffic on our network and found lots of openings that have been corrected with stronger encryption. HIPAA has been hell, but has brought about needed changes with regards to how data is handled. If I were a patient I would expect it.
I bet you wouldn't have to dig very far to find a Clintonista at the bottom of this.
Guys - it is past time to do away with the SSN for the military and go back to the old Service Number.
Yes, I do. It's from 1965 and reads: "For Social Security and Tax Purposes-Not for Identification."
"outsourcing data collection and processing activities"
Oh it gets worse than that.
We have Chinese and Indian engineers designing and sourcing critical integrated circuits and other electronics that our weapons systems depend on.
It says, "Not to be used for identification."
Contractors--awarded to the lowest bidder. You get what you pay for.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.