Interior loses CD with personal data for 7,500 federal employees
Department's shared services center says data encrypted, password-protected
A compact disc that contains personally identifiable information for about 7,500 federal employees has been reported lost by the Interior Department’s shared services center.
The incident occurred on or about May 26, when a procurement specialist at Interior’s National Business Center in Denver reported that the CD could not be located. The disc was sent to the business center by a third-party service provider, according to a June 10 news release.
The CD has not been found, Terri Raines, a spokeswoman for the National Business Center, said today.
The data on the CD was encrypted and password-protected, and was used to support billings from the vendor, Raines said. The disc was presumed to be lost in the center’s secured, restricted-access area, she added.
“National Business Center believes the risk of someone gaining malicious access to the data is low,” the business center said in the news release.
Interior has followed breach notification procedures to contact the federal employees involved, who work for a number of federal agencies, including Interior, according to Raines.
“We also are reviewing processes so that this does not happen again,” Raines said. The business center has changed its procedures so that this type of data is received only through secure network connections in the future, rather than from a CD.
Because the business center is a shared service center, the CD contained data for federal employees from multiple agencies, including Interior.
All persons affected by the breach will receive a letter of advisement through the U.S. Postal Service alerting them to the breach. The business center has established an Incident call center to provide information and answer questions.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.