By Mary Mosquera
Federal Computer Week
Retrieved February 12, 2009
The Federal Aviation Administration has notified employees that one of
its computers was hacked, and the personally identifiable information
of more than 45,000 employees and retirees was stolen electronically.
All affected employees will receive individual letters to notify them
about the breach, the FAA said Feb. 9.
Two of the 48 files on the breached server contained personal
information about employees and retirees who were on the FAA’s rolls as
of the first week of February 2006, the FAA said in a statement.
In a letter to employees Feb. 9, Lynne Osmus, the acting FAA
administrator, said that the agency’s Cyber Security Management Center
was investigating unusual activity when it discovered an administrative
server had been hacked.
Most of the 48 breached files were test files used for application
development, but two of these files contained names and Social Security
Numbers, she said. Medical information from the hacked files was
encrypted and not identifiable.
“We are moving swiftly to identify short-term and long-term measures —
procedural and technological — to prevent such incidents from
recurring. All current and former employees who are affected will
receive a letter shortly alerting them to this event,” Osmus said.
Among the measures the FAA is taking is posting information in the
form of frequently asked questions on the FAA’s employee and public Web
sites, Osmus said. The agency also has notified employee union
representatives and congressional committees with oversight over the
agency, an FAA spokeswoman said. The FAA said it notified law
enforcement authorities, and they are investigating the data theft.
The server that was illegally accessed was not connected to the
operation of the air traffic control system or any other FAA
operational system, and the agency has no indication that those systems
have been compromised in any way, the FAA said.
Although the FAA has not provided much information about the incident, Mike
Rothman, senior vice president of strategy for eIQnetworks, said the
FAA responded fairly quickly to the breach in narrowing down which
device and files containing sensitive data were compromised.
“Their response shows they had a good response plan in place and they
executed on it well,” he said. However, the FAA could improve its
information security by having a “very monitoring-centric approach to
understand what’s happening with your data,” Rothman said.
In January, the Office of Management and Budget named the FAA as one of
four agencies to provide services to certify and accredit computer
systems to assist other agencies to fulfill information security
requirements under the Federal Information Security Management Act.
About the Author
Mary Mosquera is a reporter for Federal Computer Week.