Personal data on 207,000 U.S. army reservists has recently been stolen along with three laptops from the offices of a government contractor (Serco Inc.). The U.S. Army Reserve Command has begun notifying the reservists of this security fail via letters that offer apologies and assurances that “something” will be done to prevent these things from happening again:
“At a minimum, we will be providing additional training to personnel to ensure that they understand that personally identifiable information must at all times be treated in a manner that preserves and protects the confidentiality of the data,” it says in the letter.
According to Brian Krebs, the data in question was held on a CD-Rom that was in one of the laptops at the time the theft occurred, and encompasses names, addresses and Social Security numbers of the reservists. It is also likely it contained some data that belongs to spouses and dependents of the reservists.
Col. Jonathan Dahms, PR for the Army Reserve, said that the Army will be taking steps to assure that the identities of reservists whose data was stolen were protected, but hasn’t elaborated on what those steps may be.
The questions that beg to be asked: “Don’t government contractors have an obligation to keep the data encrypted? If not, why?”