June 22, 2006 8:36 AM PDT

Hacker may have pilfered personal data from USDA

Personal information on about 26,000 Washington, D.C.-area employees and contractors of the U.S. Department of Agriculture may be at risk after a hacking incident earlier this month, officials said Wednesday.

It's still unknown whether the hacker actually managed to obtain the names, Social Security numbers and photographs of the individuals whose information was housed on the affected database, the agency said. The database also contained information that is "readily available to the public" but no financial or health records.

Agriculture Secretary Mike Johanns ordered that anyone potentially affected be notified by e-mail and in writing. Those employees are also eligible for a year's worth of free credit monitoring services.

The federal agency's cybersecurity staff noticed suspicious activity on a couple of its machines during the weekend of June 3, indicating that an outsider was trying to gain illegal access. When staff members first notified Johanns of the incident three days later, they assured him that the personal information had sufficient protections to dispel concerns about identity theft.

"However, subsequent forensic analysis leaves uncertain whether personal information was protected," the agency said in a statement.

The breach marks the latest in a string of incidents in which employees and contractors of federal agencies have found their personal information potentially at risk.

Te U.S. Federal Trade Commission on Thursday said approximately 110 individuals might be at risk of identity fraud after two FTC laptops were stolen from a locked vehicle. One of the computers contained data collected in FTC investigations, including addresses, Social Security numbers, dates of birth, and financial account numbers, the FTC said in a statement. Some of the at-risk individuals are defendants in current and past FTC cases, the agency said, adding it will offer one year of credit monitoring services.

The most high-profile news, by far, came from the U.S. Department of Veterans Affairs. That agency reported late last month that personal data on as many as 26.5 million veterans--a category later revised to include nearly 2 million active-duty military, National Guard, and Reserve personnel--resided on government-owned computer equipment stolen from a VA analyst's home. It remains unclear whether the thieves have used that data for illicit purposes.

Less than two weeks ago, the Department of Energy informed members of Congress that a hacking incident last September resulted in the theft of the names, birth dates and Social Security numbers of 1,500 people working for its nuclear security division.

CNET News.com's Joris Evers contributed to this story.

See more CNET content tagged:
social security number, agency, Social Security, contractor, personal information

4 comments

Join the conversation!
Add your comment
So much for national security
It is sad to now think that the most notable victims of security breaches these days are high departments within the U.S. government. Oh wait, nevermind - this has been the trend for the past 2 months. My general thought was that by now the government would...

a) Have the most technologically advanced security systems and know when to implement them
b) Have learned from the mistakes of the hundreds of other companies within the past few months

It seems like the only thing they are doing for the potential victims is offering them benefits AFTER their identities have been falsely used. How about we better protect these employees and take care of our data BEFORE it gets stolen.
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article1.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article1.htm</a>
Posted by Nkully86 (59 comments )
Reply Link Flag
Is Gov. Paying Attention to Privacy Hearings?
As many other industries are regulated, for privacy <a class="jive-link-external" href="http://news.cbsi.com/Tech+titans+lobby+for+national+consumer+privacy+laws/2100-1028_3-6086039.html?tag=cd.top" target="_newWindow">http://news.cbsi.com/Tech+titans+lobby+for+national+consumer+privacy+laws/2100-1028_3-6086039.html?tag=cd.top</a> issues: HIPAA, GLBA, SOX, one would think the bodies setting up rules would take notice themselves. The USDA, VA and even Universities could take notice and set up better Risk Policies and install something as simple as Remote Laptop Security <a class="jive-link-external" href="http://www.essentialsecurity.com/howitworks_laptop.htm" target="_newWindow">http://www.essentialsecurity.com/howitworks_laptop.htm</a> or access controls to their electronic files.
Posted by marileev (292 comments )
Reply Link Flag
Unsure?
"However, subsequent forensic analysis leaves uncertain whether personal information was protected," the agency said in a statement.

The above statement is absolutely ludicrous. In the financial transaction processing world in which I live, I interact with some of the best data forensic people in the industry, and I cannot believe that anyone in our government would think the populous was so nieve to accept such a statement. Was the data encrypted? Was the data protected by firewall systems? Was the computer hardened?

Uncertain whether it was protected...? Give us a break.
Posted by J.D. Oder II (2 comments )
Reply Link Flag
"unsure"...
That's marketroid for "It happened, but we're not owning up that we screwed up. We can't say it DIDN'T happen, so, umm, we'll say we're 'unsure'".
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.