TRENDING:

Governance & Risk Management

Disk with 100K SSN Missing from National Archives

Contents Included Secret Service Procedures, Addresses from Clinton Era Eric Chabrow (GovInfoSecurity) • May 21, 2009     A hard drive containing one terabyte of data from the Clinton presidency that include more than 100,000 Social Security numbers, including that of one of Al Gore's daughters, and Secret Service operating procedures is missing from the National Archives.

The missing disk also included addresses of Clinton administration officials, White House operating procedures, event and social gathering logs, political records and other highly-sensitive information, according to Rep. Daniel Issa, R.-Calif., the ranking member on the House Committee on Oversight and Government Reform.

The inspector general of the National Archives and Records Administration briefed committee staffers earlier this week on the hard drive loss. According to Issa, the hard drive was moved from a secure storage area to another workspace. The inspector general explained that at least 100 badge-holders had access to the area where the hard drive was left unsecured. In addition to those with official access to sensitive material, the inspector general claims that janitors, visitors, interns and others passed through the area where the drive was stored. The inspector general describes the workspace as an area that Archives employees pass through on their way to the bathroom. The door is often left open for ventilation.

The loss occurred between October and March. The inspector general is investigating the situation as a crime with the assistance of the Department of Justice and the Secret Service but they have yet to determine if the loss was the result of theft or accidental loss, Issa says.

In a statement, the National Archives said that as soon as its staff confirmed in early April that the hard drive was missing, it reported it to the agency's senior officials, including the acting archivist of the United States, the Inspector General, and the senior agency lawyer for privacy. In addition, the National Archives said it immediately undertook a review of its internal controls and had implemented improved security processes.

The inspector general had previously described a potentially catastrophic lack of internal controls at the National Archives. Even the secure storage spaces for sensitive information are susceptible to breach, Issa quotes the inspector general. A previous inspector general report describes how the acting archivist wrote off the loss of $6 million worth of computer equipment.

Previous
Excessive Unauthorized Access at DHS
Next
National Archives Q&A on Missing Disk

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.