Whether it’s your 17 year old daughter or 83 year old mother, their identity being stolen has been made a whole lot easier by two organizations we have to trust–NASA and TRICARE. Two “data breaches” for personal information have me very concerned. As father and son, I’m cast in the role of tracking the usage of multiple identity theft monitoring technologies. Whether it’s the Teacher Retirement System, the Texas Comptroller, a school district, NASA, or SAIC, we’re finding ourselves having to better manage participation in identity theft programs.

Here are two recent data breaches, one in November and another in December 2011, that I’m having to deal with. EMBRACE ENCRYPTION. If you need a tutorial, let me know and I’ll be happy to do an Encryption for Educators session for your employees.

Image Source: Romanian Hacker Arrested NASA Breach, Security News Daily

NASA DATA BREACH
Do a google search on NASA Data Breach, and you’ll get a few answers, but no mention of this one (per my search) that arrived in my mailbox recently:

This letter is to inform you about the unintentional loss of personally identifiable information that was submitted by you and your child as part of registration with NASA’s Texas High School Aerospace Scholars and Women in STEM High School Aerospace Scholars (WISH) projects. 

An electronic copy of your information was stored on a flash drive by an employee of a NASA Johnson Space Center (JSC) grantee. On August 12, 2011, the flash drive was identified as missing after an aerospace scholar’s event at the NASA JSC Gilruth Facility. The personally identifiable information on the flash drive included only names, mailing addresses, e-mail addresses and students’ dates of birth. No other personally identifaible information was on the flash drive. No information is available about the current whereabouts of the flash drive but to date there is no evidence to suggest there has been any attempt to misuse you or your child’s personal information. 

Because the flash drive included your child’s date of birth, as a precaution for you and your child, JSC has contracted with Identity Force to provide you (the adult/guardian) with three bureau credit report monitoring services and your minor/child with identity monitoring services for one year. These services will be provided to you free of charge to help protect you and your child’s identity.

Source: SAIC web site...their solution may be proven but at least one employee was not.

This letter is to notify you of the loss of your personally identifiable and protected health information, and Science Applications International Corporations’s (SAIC) offer to you of free credit monitoring and restoration services for the period of one year. 

SAIC is a government contractor supporting the TRICARE Management Activity (TMA). On September 14, 2011, a SAIC employee reported that computer backup tapes containing your information were stolen from his vehicle in San Antonio, Texas. Backing up your information to these tapes and transporting them for storage in a remote location is a routine procedure to save important data and is a specific contract requirement for SAIC. Upon discovery of the theft, we promptly notified law enforcement and designated government agencies. 

The information contained on the tapes may include names, Social Security Numbers, addresses, dates of birth, phone numbers, appointment information, diagnoses, treatment information, laboratory tests, radiology results, prescriptions, provider names, provider location and other patient data, but does not include any financial data, such as credit card or bank account information. 

The chance that your information could be obtained from these tapes is low since accessing, viewing and using the data requires specific hardware and software. We engaged law enforcement to attempt to recover the stolen backup tapes. 

At this time, we have no evidence to indicate the data on the backup tapes has been accessed, viewed or used by others in any way. However, we know how concerned you may be and to assist you, SAIC is providing you with a free, one-year membership in Kroll Inc’s ID TheftSmart service.