While security breaches are still fairly common in 2015, it looks like military organizations have learned their lessons. The biggest breach in recent years involved sensitive information of about 76 million veterans, but even that event dates back to 2009. This article explores three cases of data loss that made military organizations become more vigilant about cybersecurity.
76 Million Veterans Affected by Military Breach
What happens to defective hard drives that are no longer usable? The National Archives and Records Administration (or NARA) sends them to GMRI for repair. But when the drive is not fixable, GMRI passes it to another firm to get recycled. This isn’t necessarily a problem except when the drive contains highly sensitive information.
In 2009, an unencrypted drive containing information about millions of veterans underwent such treatment. According to Bellomy, a NARA IT manager, that drive wasn’t the only unencrypted drive that was sent back to GMRI.
The drive from this particular incident likely contained about 18% of the database as well as a quick look-up that included all veteran’s names and service record numbers. The drive also supposedly contained a lot of sensitive personally identifiable information (PPI) about millions of veterans.
This breach was the biggest, most recent security breach in military organizations. Of course, what’s more surprising is that it happened after the Veteran’s Administration had just settled a class-action lawsuit for another security breach to the tune of $20 million earlier that same year.
VA Settles Lawsuit over Security Breach for $20 Million
In 2006, a laptop was stolen from the home of a Veteran’s Administration data analyst. But it wasn’t just any laptop. This particular model contained the names, birth dates, and Social Security numbers of 26.5 million veterans and military personnel.
After offering a $50,000 reward, the laptop was recovered. According to computer forensic teams the database was intact and hadn’t been accessed since it was stolen. However, nobody can guarantee that none of the information was actually compromised.
The real issue isn’t the theft and consequent discovery of the laptop, but the lax security policies of the Veteran’s Administration. For example, the VA secretary wasn’t even told for 13 days about the theft.
Veterans in different groups pursued a class-action lawsuit against the VA as a result of this incident. After three years of legal battle, the VA settled the lawsuit for $20 million in 2009. Persons who can show some harm from the incident, such as physical symptoms for stress or expenses for credit monitoring, will be paid between $75 and $1,500. Any leftover funds will be donated to veterans’ charities.
A Flash Drive Wreaks Havoc for the Department of Defense
It took the Department of Defense two years to mention a security breach. The world didn’t learn about the incident until August of 2010. It began back in 2008 when a seemingly innocent flash drive was inserted into a U.S. military laptop at a base in the Middle East.
The flash drive contained malicious code which uploaded itself onto a network run by the U.S. Central Command. The code spread undetected on both classified and unclassified systems. Fortunately, the networks used by the military have only the thinnest connection to the Internet, meaning it would be seemingly impossible for the hackers to use any of the data the worm could have produced.
Nevertheless, this security breach served as a serious wake-up call for the Pentagon. The scariest part of it may have been that it took about 14 months to clean up the infection caused by the worm. But as a result, the Pentagon has built layered defenses around military networks and launched the new U.S. Cyber Command to integrate cyber defense operations across all military branches.
How Security Breaches Affect Military Organizations
Most organizations do not take security breaches lightly. Whether it includes poorly protected hardware or securely-encrypted information, military organizations are ramping up to keep up with the times. It’s not surprising that the Pentagon waited two years before releasing information about a security breach. However, what’s concerning is that not every military branch takes cybersecurity seriously.
The good news is that it looks like military organizations are either doing a better job with protecting their information or keeping data losses to themselves. The world hasn’t heard about any major security breaches since 2011 when Tricare reported the theft of back-up tapes containing sensitive information of 4.9 million beneficiaries.
How to Keep Information Secure
Cybersecurity should be important to every organization dealing with sensitive data. At eFileCabinet, we keep your information secure by encrypting all of your files. We also help you reduce data exposure by giving you the ability to give your employees role-based user access. This way your employees can have access to the information they need anytime from any device while your company can restrict access to sensitive files to the people who really need it. Your documents are completely secure at eFileCabinet.