Establishing Digital Trust: Don't Sacrifice Security for Convenience
An unencrypted backup storage drive holding the names, social security numbers and other unspecified personal information of more than 35,000 Arkansas National Guardsmen was discovered missing last month, the latest incident in a string of military security gaffes.
Officials at the Camp Joseph T. Robinson base in North Little Rock, Ark., said the wayward drive was last used in November as a backup drive to archive personnel information dating back to 1991.
The drive was discovered missing on Feb. 15 after an "exhaustive search," National Guard officials said. At first the Guard hoped the unsecured drive would only affect a portion of its current members, but those hopes were dashed when investigators realized that a single file containing personal information on all soldiers who have served in the unit since 1991 was stored on the drive.
"This inappropriate handling of our soldiers' personal information is an isolated incident, which is now under investigation to help ensure steps are taken to help prevent such an incident from occurring in the future," the National Guard said in a statement.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"This incident has been reported up to the U.S. CERT (Computer Emergency Response Team), the National Guard Bureau and U.S. Army privacy authorities," it added.
A similar incident in November at the U.S. Army Corps of Engineers' Southwestern Division in Dallas exposed the names and social security numbers of more than 60,000 soldiers and civilian personnel.
In that case, an external drive was either stolen or lost and contained data files for soldiers who went before the 2008 sergeant first class and 2008 master sergeant promotion boards.
"Right now the focus is on investigating [the incident], alerting people who may be affected and taking measures to make sure it doesn't happen again," Maj. Mark Young of the Corps of Engineers said at the time.
The Arkansas National Guard said its information management personnel are now searching the data in order to compile a complete list of all affected in order to begin the process of individual notification. Affected soldiers were expected to be notified of the security breach beginning this week, officials said.
The missing drive is just the latest in a series of security missteps exposing data from military, government, and private sector organizations.
According to a Ponemon Institute study released last fall, more than 800,000 data-sensitive memory devices were lost or stolen in the past year.