NARA suffers data breach

Investigation under way into missing hard drive with personal information

An external hard drive with personally identifiable information from the Executive Office of the President during the Clinton administration is missing from a National Archives and Records Administration facility near Washington, government officials have said.

The missing device has copies of electronic storage tapes with data about White House staff members and visitors from the Clinton era, and the amount of personal information missing isn't known, NARA said in a statement released May 19. The agency's inspector general is investigating the incident. Officials said staff members confirmed that the hard drive went missing in early April, and they subsequently informed agency officials, the Homeland Security Department's U.S. Computer Emergency Readiness Team and Clinton's representative.

NARA also said it will issue a breach notification to people affected by the loss, and it has reviewed its internal controls and improved security processes.

NARA's IG briefed staff members of the House Oversight and Government Reform Committee May 19, and Rep. Edolphus Towns (D-N.Y.), the committee's chairman, and ranking member Rep. Darrell Issa (R-Calif.) said they would pursue the issue.

“I am deeply concerned about this serious security breach at the National Archives,” Towns said. He plans to hold separate briefings for committee members with NARA's IG and the FBI so they can “begin to understand the magnitude of the security breach and all of the steps being taken to recover the lost information.” Towns said the FBI is conducting a criminal investigation into the matter.

Issa's office said the missing drive contains 1T of data with "more than 100,000 Social Security numbers (including Al Gore’s daughter), contact information (including addresses) for various Clinton administration officials, Secret Service and White House operating procedures, event logs, social gathering logs, political records and other highly sensitive information."

“This egregious breach raises significant questions regarding the effectiveness of the security protocols that are in place at the National Archives and Records Administration,” Issa said. He also called on Adrienne Thomas, NARA's acting head, to testify about the incident during a hearing the committee’s Information Policy, Census and National Security Archives Subcommittee plans to hold May 21.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

Reader comments

Fri, Sep 11, 2009 gbchew Ft. Gordon, GA

"the amount of personal information missing isn't known" "NARA also said it will issue a breach notification to people affected by the loss" What?

Thu, May 21, 2009

Being sensitive to the possibility of losing removable hard drives and/or sensitive data on them, an invention was made at the US Army Research Laboratory several years ago and a patent was granted. Some other departments or agencies showed interest if it were available “yesterday.” But none was interested in funding the actual development of the device and system. With the proliferation of cheap and tiny USB drives, the probability for loss of sensitive data is constantly increasing. It should be noted that even online data is on some hard media somewhere.

Thu, May 21, 2009 theo

Perhaps someone should ask Sandy Berger if he knows anything about it. Maybe it wound up in one of his socks!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above