One would think one of the biggest Pentagon contractors would know a little something about data encryption. Alas, SAIC Inc. likely compromised the personal information of more than 500,000 military personnel and family members because it kept the information online and unencrypted, the Virginian Pilot reports.
As usual in these cases the negligent party was quick to point out that there is as yet no evidence that the data had been accessed by "unauthorized parties." And yet, conceded SAIC spokesperson Melissa Koskovich: "We can't rule that possibility out."
SAIC had the data as part of providing technical services for a military health benefits program. SAIC is investigating how the latest incident occurred with help from a third party it did not name. And some number of unidentified employees have been placed on administrative leave.
In 2005, thieves broke into a facility and stole computers containing names, Social Security numbers, and other information about past and current employees, according to nonprofit consumer organization Privacy Rights Clearinghouse.
SAIC said the problem occurred when it transmitted online, without encryption, information about 580,000 military households that is maintained on an unsecured server in Shalimar, Fla.
SAIC was notified May 29 by the U.S. Air Forces in Europe that it had detected an unsecured transmission of the information. SAIC said it has fixed the security problems and advised potentially affected people.