Interior loses CD with personal data for 7,500 federal employees

Department's shared services center says data encrypted, password-protected

A compact disc that contains personally identifiable information for about 7,500 federal employees has been reported lost by the Interior Department’s shared services center.

The incident occurred on or about May 26, when a procurement specialist at Interior’s National Business Center in Denver reported that the CD could not be located. The disc was sent to the business center by a third-party service provider, according to a June 10 news release.

The CD has not been found, Terri Raines, a spokeswoman for the National Business Center, said today.

The data on the CD was encrypted and password-protected, and was used to support billings from the vendor, Raines said. The disc was presumed to be lost in the center’s secured, restricted-access area, she added.

“National Business Center believes the risk of someone gaining malicious access to the data is low,” the business center said in the news release.

Interior has followed breach notification procedures to contact the federal employees involved, who work for a number of federal agencies, including Interior, according to Raines.

“We also are reviewing processes so that this does not happen again,” Raines said. The business center has changed its procedures so that this type of data is received only through secure network connections in the future, rather than from a CD.

Because the business center is a shared service center, the CD contained data for federal employees from multiple agencies, including Interior.

All persons affected by the breach will receive a letter of advisement through the U.S. Postal Service alerting them to the breach. The business center has established an Incident call center to provide information and answer questions.

 

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Wed, Jun 30, 2010 Doug B California

The director of this shared services center was fired several months ago. Obviously that was not a wake up call so I think the CIO and security officer should be next!! I am a federal employee and not even associated with Interior, but my information could have been included in that breach. So because of them I now have to watch my credit report for the next 5 years? Thanks for protecting my data!!

Wed, Jun 30, 2010

The National Business Center is such a dysfunctional organization. Keep in mind this is the same organization whose director was just fired, escorted out of the building, and is currently under investigation. The entire Interior department laughs at the lack of information security at this office. And by the way, as a system administrator, the chances of that CD being encrypted and password protected are very, very slim. And once an attacker has the encrypted information, they have all day to use one of the hundreds of free tools on the internet to break that encryption, its not rocket science!!

Tue, Jun 22, 2010 Geoff

Key word, "Encrypted"... It isn't now, nor will it likely ever be cracked open by a third party. That's what encryption at DOD standards gives us... Confidence that "lost" things on CDs remain inaccessible.

Tue, Jun 22, 2010

As a postal employee, my first reaction when my husband received this announcement was that those responsible obviously are not taking this seriously. They sent this important information "presort standard", the lowest class of mail. This is what most people call "junk mail" and is not forwardable, so anyone who is having mail forwarded would not receive it. It would be thrown out. Also, how many of you reading this actually read your junk mail or do you just round file it?

Mon, Jun 21, 2010

"data on the CD was encrypted and password-protected"
"Interior has followed breach notification procedures to contact the federal employees involved"
In other words, it sounds like the agency has learned lessons from VA on how to properly care for PII data. The article doesn't state that the PII is now in the hands of people intending to perform malice. This is exactly why encryption and password-protection procedures are in place - to protect the data when it gets lost. If objects NEVER got lost it would hardly be worth encrypting and password protecting it.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group