Establishing Digital Trust: Don't Sacrifice Security for Convenience
NARA described the data on the missing hard drive as "snapshots" of personnel associated with the Clinton White House, which contained personally identifiable information such as names and Social Security numbers of administration staff and visitors.
The 2 terabyte hard drive was used to back up data on about 113 4mm tape cartridges, the NARA said.
The way the agency explains it in a post on its Web site (PDF), the hard drive went missing from a processing room after staff abandoned their analysis of the hard drive to develop an automated method of validating the data.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iThe data breach will likely add fuel to the fire that has flared up lately in Washington over government cybersecurity. Both chambers of Congress have been holding hearings on steps the government can take to shore up its systems amid high-profile breaches that have exposed critical systems such as the nation's power grid and a military fighter plane project.
In the meantime, President Obama is expected imminently to make public the results of a sweeping review of the systems and policies the government has in place to safeguard digital information.
NARA said it is in the process of reviewing the tapes the hard drive was backing up to compile a list of individuals whose data might have been compromised.
Due to the volume of the data the hard drive contained, the Archives said it does not know how many individual may have been affected, but that it plans to notify each of them and provide them with a year of credit monitoring.
"The sad thing is that could have easily been prevented," said Mark Kadrich, president and CEO of the Security Consortium, a private security firm.
"People focus on technology and forget about the people and the processes that need to be in place to support a security program," Kadrich told InternetNews.com. "It is critical to create a complete security program that goes beyond just IT security and takes into account the business processes used to handle sensitive data."
In response to the incident, the Archives has said it is working to improve its security processes, including "physical control of records, office access and treatment of personally identifiable information."
NARA said that it keeps copies of all its data, so that no original records are lost.
The agency has not determined if the hard drive was lost or stolen, but said it is conducting a criminal investigation and offering a $50,000 reward for information leading to the device's return.
Article courtesy of InternetNews.com.