Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft of Many SAIC Employees

Posted by Zonk on from the not-like-losing-your-wallet dept.

Rick Zeman writes "In the wake of the Geoge Mason University identity theft comes another: SAIC, an employee-owned company, has had a break-in which '...netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees.' These employees include anyone who's owned SAIC stock, and since it's an employee-owned company, that's most of them, including 'some of the nation's most influential former military and intelligence officials.'"

14 of 208 comments (clear)

  1. Ah, hell. What now? by Ledneh · · Score: 5, Insightful

    One of my parents may have had their identity stolen in this incident. I sure hope not, but in any case... what now? What can be done to prevent the stolen numbers from being used illegitimately?

    --
    "We are the Dyslexia of Borg. Your ass will be laminated. Futility is resistant."
    1. Re:Ah, hell. What now? by timeOday · · Score: 2, Insightful

      Our system is totoally screwed up. On the one hand, we have no control about what data people collect about us - whoever collects it owns it, and we have no say. On the other hand, if that data is compromised and hurts us, now who is accountable? The owner of the data? No, the individual has to go to all the trouble and expense of cleaning up after the company's screwup.

  2. Why is this data not someplace safe? by Fish+Heads · · Score: 4, Insightful

    So am I crazy, or shoudl these desktop machines not even be HOLDING this kind of data? Sensitive information (all business-related data in my opinion) belongs on the server, not on individual machiens. The server belongs in a secured, protected space. You should be able to lose all of your "personal" computers and only have the inconvenience of setting up new computers for those users. I would say that loss is the fault of poor IT practices.

    --
    Time is the quality of nature that keeps events from happening all at once. Lately it doesn't seem to be working. -Anon
    1. Re:Why is this data not someplace safe? by georgewilliamherbert · · Score: 4, Insightful
      So am I crazy, or shoudl these desktop machines not even be HOLDING this kind of data? Sensitive information (all business-related data in my opinion) belongs on the server, not on individual machiens. The server belongs in a secured, protected space. You should be able to lose all of your "personal" computers and only have the inconvenience of setting up new computers for those users. I would say that loss is the fault of poor IT practices.
      You aren't crazy.

      You're stretching a bit far... all business-related data covers everything on any computer in the company, and it's not reasonable to expect that there's never any local copy of data on any system in the company. Especially with mobile users, but also for network performance / employee usability reasons.

      But key sensitive data, which does include employee files and shareholder identity info as well as key business sensitive data, should be kept on servers which are physically secure, because systems do walk away from offices.

      There is a huge gap between IT typical practice and IT best practice in this area, though. Most businesses don't have nearly enough physical security for the servers, or for physical records (how many just have a toy lock on a filing cabinet with employee data?...).

      Depending on your definition of neglegence, this either clearly wasn't (wasn't any worse than typical businesses) or could have been (a known risk which best practices clearly say not to do).

    2. Re:Why is this data not someplace safe? by Stephen+Samuel · · Score: 2, Insightful
      Depending on your definition of neglegence, this either clearly wasn't (wasn't any worse than typical businesses) or could have been (a known risk which best practices clearly say not to do).

      This is a company that regularly does high-security work, and hires people like former CIA directors. They work with sensitive and secret data on a regular basis.

      There is no defence of ignorance here. People who regularly handle secret (and above) data did a bad job of protecting sensitive data. I'd say that this bodes ill for the truly secret data that they have at other sites.

      --
      Free Software: Like love, it grows best when given away.
    3. Re:Why is this data not someplace safe? by winwar · · Score: 2, Insightful

      "People who regularly handle secret (and above) data did a bad job of protecting sensitive data. I'd say that this bodes ill for the truly secret data that they have at other sites."

      Not necessarily. Think of it this way. What exactly is the penalty for doing a bad job of protecting personal data? Versus secret and above data?

  3. insider job? by tuxette · · Score: 4, Insightful
    "...the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed.

    They better start taking a good close look at their own...

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
  4. Only that data? by mmThe1 · · Score: 4, Insightful

    Notice the irony:

    "The contractor, employee-owned Science Applications International Corp. of San Diego, handles sensitive government contracts, including many in information security."

    Are we sure it's only the personal data that was compromised? One would be more worried about what *else* was uncovered by whoever-did-this.

    "Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed."

    Or is it the case that break-in was *detected* only in one of the buildings? They had to smash windows of the administrative building, to get the keys of the others?

  5. About Time by Lord+Kano · · Score: 3, Insightful

    'some of the nation's most influential former military and intelligence officials.'

    Maybe this is just the thing we need to make people get serious about privacy.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  6. Re:About Social Security numbers by stewby18 · · Score: 3, Insightful

    There is only one reason by law a company can have your SSN#, and that is for paying taxes. If your relationship with the organization does not include paying taxes, then refuse to give them your SSN#. If they deny services, you can sue, it is illegal for them to force you to give them your SSN#.

    Could you give some sources? I don't believe that your statement is generally true. It's true that there are only a few cases where you are required by law to give out your SSN (the N stands for Number, by the way--a SSN# is like an ATM Machine). However, that doesn't necessarily mean that it's illegal for other companies to ask for your SSN, or refuse you service if you don't give it out. All the sources I can find (this one for example) say that in most cases the most you can do is take your business elsewhere. Some states have laws preventing refusal of service in specific cases (such as utilities), but in general you have no recourse but to complain and/or go elsewhere.

    Before people take your advice and start threatening to sue everyone for violating a law, they should make sure the law actually exists where they are and applies to their situation--otherwise they'll just end up looking looking silly. Besides, it's always much more effective to be able to quote a specific law a company is breaking instead of just making vague claims of illegality.

  7. Ex-SAICer by Anonymous Coward · · Score: 1, Insightful

    I won't go into details, but I will say my experiences with the company were very disappointing. One of the supposed benefits of working for an employee owned company is opportunity for mobility within the company if the project or contract a person is working on does not get picked up again. Not exactly what I saw. There was no perceived benefit to being an employee going for a position vs. being someone off the street.

    I was surprised about some of the things in the article, and that problems with SAIC contracts are a lot more widespread than what I thought.

    IMO, if the founder saw what his creation had become, he'd be livid. I really believe the founder started things with the right idea and concept, things just haven't stayed with his vision.

    1. Re:Ex-SAICer by Anonymous Coward · · Score: 1, Insightful

      Another ex-saicer here. In my opinion it is no coincidence that there's such high turnover in the company - remember all that great company stock goes right back into the kitty if you're let go within a few years.

      Also, in my opinion the company is a bureacratic mess, no surprise here that they were the one involved in the fbi's $170 million project failure!

      I'm glad to be out of there, but like a bad penny it seems to be coming back on me - with the loss of my personal info now.

      argh!

  8. I feel so used by DrTime · · Score: 2, Insightful

    I used to work for SAIC and I have to hear about this on /. almost 3 weeks after the fact. I've already googled what I need to do. I was disappointed with SAIC as a company, but they were reasonably generous back when I worked for them. Oh well.

  9. This sucks! by JoeKramer · · Score: 2, Insightful

    As a SAIC employee this just blows. I had to put a ID theft warning on my credit. This story took a long to come out! This took place weeks ago and we where warned about this over 2 weeks ago! hehe