Security News > 2006 > June > IRS Laptop Lost With Data on 291 People

IRS Laptop Lost With Data on 291 People
2006-06-08 09:05

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/07/AR2006060701987.html By Christopher Lee Washington Post Staff Writer June 8, 2006 An Internal Revenue Service employee lost an agency laptop early last month that contained sensitive personal information on 291 workers and job applicants, a spokesman said yesterday. The IRS's Terry L. Lemons said the employee checked the laptop as luggage aboard a commercial flight while traveling to a job fair and never saw it again. The computer contained unencrypted names, birth dates, Social Security numbers and fingerprints of the employees and applicants, Lemons said. Slightly more than 100 of the people affected were IRS employees, he said. No tax return information was in the laptop, he said. "The data was not encrypted, but it was protected by a double-password system," Lemons said. "To get in to this personal data on there, you would have to have two separate passwords." Lemons said the Treasury Department's inspector general for tax administration is investigating the loss. The IRS is notifying affected individuals and advising them on steps to guard against identity theft. Lemons declined to name the airline or the employee, or to say whether the worker was disciplined, citing the ongoing investigation. The Department of Veterans Affairs suffered a much larger data breach last month when thieves broke into a VA data analyst's home and stole a laptop and external hard drive containing personal information of 26.5 million veterans and active-duty military members. Colleen M. Kelley, president of the National Treasury Employees Union, said IRS employees are worried. "The first thing that comes to mind is identity theft and why care and caution wasn't taken to encrypt their data," she said. Lemons said tax return information is always encrypted if IRS workers carry it into the field. He could not cite a similar policy for personal employee data but said, "typically it's our policy to encrypt any sensitive information." Kelley said she is pressing the IRS to give employee data the same care and protection as taxpayer information. "They are taking this seriously and I would expect to see some changes in policy and procedures in the future," she said. © 2006 The Washington Post Company _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com


News URL

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/07/AR2006060701987.html