Slashdot Mirror


Identity Theft of Many SAIC Employees

Rick Zeman writes "In the wake of the George Mason University identity theft comes another: SAIC, an employee-owned company, has had a break-in which '...netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees.' These employees include anyone who's owned SAIC stock, and since it's an employee-owned company, that's most of them, including 'some of the nation's most influential former military and intelligence officials.'"

7 of 208 comments

  1. Ah, hell. What now? by Ledneh · · Score: 5, Insightful

    One of my parents may have had their identity stolen in this incident. I sure hope not, but in any case... what now? What can be done to prevent the stolen numbers from being used illegitimately?

    --
    "We are the Dyslexia of Borg. Your ass will be laminated. Futility is resistant."
  2. Why is this data not someplace safe? by Fish+Heads · · Score: 4, Insightful

    So am I crazy, or should these desktop machines not even be HOLDING this kind of data? Sensitive information (all business-related data in my opinion) belongs on the server, not on individual machines. The server belongs in a secured, protected space. You should be able to lose all of your "personal" computers and only have the inconvenience of setting up new computers for those users. I would say that loss is the fault of poor IT practices.

    --
    Time is the quality of nature that keeps events from happening all at once. Lately it doesn't seem to be working. -Anon
    1. Re:Why is this data not someplace safe? by georgewilliamherbert · · Score: 4, Insightful
      So am I crazy, or should these desktop machines not even be HOLDING this kind of data? Sensitive information (all business-related data in my opinion) belongs on the server, not on individual machines. The server belongs in a secured, protected space. You should be able to lose all of your "personal" computers and only have the inconvenience of setting up new computers for those users. I would say that loss is the fault of poor IT practices.
      You aren't crazy.

      You're stretching a bit far... all business-related data covers everything on any computer in the company, and it's not reasonable to expect that there's never any local copy of data on any system in the company. Especially with mobile users, but also for network performance / employee usability reasons.

      But key sensitive data, which does include employee files and shareholder identity info as well as key business sensitive data, should be kept on servers which are physically secure, because systems do walk away from offices.

      There is a huge gap between IT typical practice and IT best practice in this area, though. Most businesses don't have nearly enough physical security for the servers, or for physical records (how many just have a toy lock on a filing cabinet with employee data?...).

      Depending on your definition of negligence, this either clearly wasn't (wasn't any worse than typical businesses) or could have been (a known risk which best practices clearly say not to do).

  3. insider job? by tuxette · · Score: 4, Insightful
    "...the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed."

    They better start taking a good close look at their own...

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
  4. Only that data? by mmThe1 · · Score: 4, Insightful

    Notice the irony:

    "The contractor, employee-owned Science Applications International Corp. of San Diego, handles sensitive government contracts, including many in information security."

    Are we sure it's only the personal data that was compromised? One would be more worried about what *else* was uncovered by whoever-did-this.

    "Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed."

    Or is it the case that the break-in was *detected* only in one of the buildings? They had to smash windows of the administrative building, to get the keys of the others?

  5. About Time by Lord+Kano · · Score: 3, Insightful

    'some of the nation's most influential former military and intelligence officials.'

    Maybe this is just the thing we need to make people get serious about privacy.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  6. Re:About Social Security numbers by stewby18 · · Score: 3, Insightful

    There is only one reason by law a company can have your SSN#, and that is for paying taxes. If your relationship with the organization does not include paying taxes, then refuse to give them your SSN#. If they deny services, you can sue, it is illegal for them to force you to give them your SSN#.

    Could you give some sources? I don't believe that your statement is generally true. It's true that there are only a few cases where you are required by law to give out your SSN (the N stands for Number, by the way--a SSN# is like an ATM Machine). However, that doesn't necessarily mean that it's illegal for other companies to ask for your SSN, or refuse you service if you don't give it out. All the sources I can find (this one for example) say that in most cases the most you can do is take your business elsewhere. Some states have laws preventing refusal of service in specific cases (such as utilities), but in general you have no recourse but to complain and/or go elsewhere.

    Before people take your advice and start threatening to sue everyone for violating a law, they should make sure the law actually exists where they are and applies to their situation--otherwise they'll just end up looking silly. Besides, it's always much more effective to be able to quote a specific law a company is breaking instead of just making vague claims of illegality.