Learn How a Virtual Networking Approach Can Strengthen the Security of Federal Networks REGISTER >
A hard drive was either lost or stolen from processing room at the National Archives and Records Administration in College Park, Md., sometime between October 2008 and February 2009, putting at risk the personal information of more than 250,000 Clinton administration staffers, White House visitors and job applicants.
The data, including at least 100,000 Social Security numbers, was placed on the Western Digital My Book external drive as part of a routine recopying process to ensure preservation of the information, according to NARA officials.
NARA learned the drive was missing in March when it restarted a hard drive analysis project it initiated to reduce the amount of time staff spent validating data on the hard drive.
However, the drive was last accounted for sometime between October 2008 and early February 2009," NARA officials said in a statement. "Thus, if the data has been misused or otherwise used to commit fraud or identity theft crimes, it is possible that affected individuals could have suspicious activity beginning as early as October 2008."
Earlier this year, NARA authorized credit reporting and monitoring firm Experian to send out more than 26,000 letters notifying affected individuals of the data breach and advising them to keep close tabs on their credit and banking information.
In December, NARA sent out an additional 150,000 notification letters as further investigation of the data copied onto the missing drive identified more potential victims, including the daughter of former Vice President Al Gore.
Those affected included administration staffers, people who applied for jobs within the administration and visitors to the White House during Clinton's presidency. There was also data collected from the Executive Office staff, the Secret Service and variety of event and social gathering logs.
NARA is offering one year of free credit monitoring services those people affected and is offering a reward of up to $50,000 for information leading to the recovery of the missing drive.
A report by Traverse City, Mich. security research the Ponemon Institute last year found that more than 800,000 data-sensitive memory devices, including external hard drives, are lost or stolen each year.