iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Gov.-Contracted Cybersecurity Firm Breached
Search:
[ insider_reports_insider ]

Gov.-Contracted Cybersecurity Firm Breached



SecurityProNews
Staff Writer
2009-02-05

SecurityProNews: Insider Reports Insider Reports RSS Feed


News of serious data breach at SRA International was likely drowned out by the US Presidential inauguration. The same day Heartland Systems announced the largest data breach in history, affecting millions of credit card numbers, SRA announced the discovery of a virus on its network.

Gov.-Contracted Cybersecurity Firm Breached
Gov.-Contracted Cybersecurity Firm Breached
What makes that especially embarrassing-and especially troubling-is SRA is an IT security company employed by the US Department of Defense, Homeland Security, and the National Guard.

The company officially acknowledged the breach via letter to its employees, who seem to be the parties affected. SRA said the personnel data compromised included personal information like name, address, birthday, health information, social security number, benefit dependents, and possibly personal data included in security position questionnaires. The company offered, as appears standard, free credit monitoring services.

Hopefully, the breach was limited to employees and does not extend to sensitive information protected on behalf of the government, which is constantly bombarded by attempted hacks. In light of the Patriot Act area, who knows what citizen data could be targeted and used for ill?

Graham Cluley at Sophos asks the most pressing question: "Why wasn't this sensitive data encrypted? If it had been securely encrypted then even if malware and hackers had gained access to the same drive as the confidential information, they wouldn't be able to do anything with it."

The company didn't know if any of the information had been extracted or used, but it's reasonable to assume if there was a hole within its own network, there are possibly other exploitable vulnerabilities with unencrypted data. Likely the government-contracted cybersecurity company is looking into this encryption idea.


About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds