Sunday, June 25, 2006

Navy Finds Data on Thousands of Sailors on Web Site

washingtonpost.com
Navy Finds Data on Thousands of Sailors on Web Site
By Josh White
Washington Post Staff Writer

Navy officials discovered this week that personal information on nearly 28,000 sailors and family members was compromised when it appeared on a Web site, fueling more concerns about the security of sensitive information belonging to federal employees.

Five spreadsheet files of data -- including names, birth dates and Social Security numbers of sailors and their relatives -- were found exposed on a Web site Thursday night during routine internal sweeps of the Internet for sensitive material, said Lt. Justin Cole, a spokesman for the chief of naval personnel. He said the material was removed from the Web site within two hours.

"It was information you don't want on a public Web site," Cole said. "But there was no indication it was being used for illegal purposes."

The potential security breach is one of several losses of important personal data reported in Washington in recent weeks, part of an unusual string of thefts and Internet hacks that have compromised information belonging to millions of federal workers. Five other agencies and the D.C. government have reported similar problems since the beginning of May.

The largest breach occurred May 9, when a Department of Veterans Affairs laptop computer and external hard drive were stolen from an Aspen Hill home, a theft that officials said included personal information on up to 26.5 million retirees and active-duty personnel. There was no indication the thief was targeting the information.

Yesterday, the Government Accountability Office said it removed from its Web site archival records with names and Social Security numbers on fewer than 1,000 government workers.

Earlier this week, the Agriculture Department reported that data on as many as 26,000 employees had been compromised by a hacker. A laptop containing data on 13,000 D.C. workers and retirees was stolen last week. The Energy Department said that similar data for 1,500 employees may have been accessed by a hacker in September, and Internal Revenue Service officials said a laptop containing names, Social Security numbers and fingerprints of 291 employees and applications was misplaced in May.

In the Navy case, officials are unsure how the information ended up on an insecure Web site, and the Naval Criminal Investigative Service is looking into whether the person who posted it was supposed to have access to the data. Cole said it is possible the information was posted inadvertently.

The Navy plans to contact the people affected and urge them to closely monitor bank and credit card accounts for fraudulent activity.

Congress is considering a measure that would pay for credit monitoring for those affected by the VA data loss. Rep. Edward J. Markey (D-Mass.) called yesterday for the Defense Department to provide immediate free credit monitoring for sailors who may have been affected by the Internet posting.

In a letter to Defense Secretary Donald H. Rumsfeld, Markey said the incident "raises serious questions about the nature and adequacy of privacy protections afforded to active duty military personnel, their families, and military veterans."

Rep. Thomas M. Davis III (R-Va.), chairman of the Government Reform Committee, applauded the Navy's speedy response to get the information removed from public view.

Cole said sailors may contact the Navy Personnel Command call center to determine whether their names were on the compromised list: 866-827-5672.