[ISN] IRS Laptop Lost With Data on 291 People

InfoSec News isn at c4i.org
Thu Jun 8 05:05:21 EDT 2006


By Christopher Lee
Washington Post Staff Writer
June 8, 2006

An Internal Revenue Service employee lost an agency laptop early last
month that contained sensitive personal information on 291 workers and
job applicants, a spokesman said yesterday.

The IRS's Terry L. Lemons said the employee checked the laptop as
luggage aboard a commercial flight while traveling to a job fair and
never saw it again. The computer contained unencrypted names, birth
dates, Social Security numbers and fingerprints of the employees and
applicants, Lemons said. Slightly more than 100 of the people affected
were IRS employees, he said. No tax return information was in the
laptop, he said.

"The data was not encrypted, but it was protected by a double-password
system," Lemons said. "To get in to this personal data on there, you
would have to have two separate passwords."

Lemons said the Treasury Department's inspector general for tax
administration is investigating the loss. The IRS is notifying
affected individuals and advising them on steps to guard against
identity theft. Lemons declined to name the airline or the employee,
or to say whether the worker was disciplined, citing the ongoing

The Department of Veterans Affairs suffered a much larger data breach
last month when thieves broke into a VA data analyst's home and stole
a laptop and external hard drive containing personal information of
26.5 million veterans and active-duty military members.

Colleen M. Kelley, president of the National Treasury Employees Union,
said IRS employees are worried. "The first thing that comes to mind is
identity theft and why care and caution wasn't taken to encrypt their
data," she said.

Lemons said tax return information is always encrypted if IRS workers
carry it into the field. He could not cite a similar policy for
personal employee data but said, "typically it's our policy to encrypt
any sensitive information."

Kelley said she is pressing the IRS to give employee data the same
care and protection as taxpayer information. "They are taking this
seriously and I would expect to see some changes in policy and
procedures in the future," she said.

© 2006 The Washington Post Company
