The Corps of Engineers has lost an external hard drive. The use of disk encryption software like AlertBoot was not mentioned (the use of encryption lowers the risk of a data breach). The incident took place in Dallas, Texas, where the Corps's Southwestern Division is headquartered.
The information security breach occurred in early November and seems to affect mostly soldiers who were due for a promotion, although civilians seem to be in the mix as well. The information included names and Social Security numbers, and will affect mostly soldiers in the following:
- 2008 sergeant first class promotion board
- 2008 master sergeant promotion board
- 2007 colonel promotion board
- 2009 lieutenant colonel promotion board
It was not revealed under what circumstances civilian information was retained on the missing hard disk.
Impacted personnel will be alerted by mail and through the Army Knowledge Online Web site.
According to the Army Times, the same exact information was breached earlier. In the case of the sergeant first class data, "an advance version of the list made available to commanders and their designated representatives had been improperly posted on the Internet" in February 2008.
That incident, and others, led to soldiers' SSNs no longer being displayed online, since the risk of identity theft is a real problem.
And, of course, there have been data breaches at military institutions throughout the years, including active military bases.
In fact, it was announced just a couple of years ago, if I recall correctly, that all military laptop computers and other devices where data-at-rest was present were supposed to be protected with encryption software. (Data at rest is another way of saying the information was stored on a device, as opposed to flowing through the interweb's pipes, as one disgraced Senator put it).
So, was this one secured?
It's hard to tell, but seeing how the use of encryption was not mentioned, it seems quite likely that there wasn't adequate data security on the missing device.
What's so special about encryption? To make a long story short, the proper level of encryption decreases the chances of anyone unauthorized accessing the protected data. For example, if one uses 128-bit (symmetric) encryption, it's commonly quoted, even by cynical security experts, that it would take at least decades to access the data... most probably centuries.
Waiting centuries to become an ID theft victim? Works for me.