Identity Theft of Many SAIC Employees
Rick Zeman writes "In the wake of the George Mason University identity theft comes another: SAIC, an employee-owned company, has had a break-in which '...netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees.' These employees include anyone who's owned SAIC stock, and since it's an employee-owned company, that's most of them, including 'some of the nation's most influential former military and intelligence officials.'"
Someone is going to lose his or her job. We all know that operating systems and applications have bugs. However, most of the break-ins are because of unpatched or misconfigured systems, which are administrator faults. 99.99999999999999% of bad guys are too lazy to find holes themselves like Kevin Mitnick did when he broke into Sun to get Solaris and find security bugs. So, they use what is known. Admins must use what is known to fix those problems.
I am surprised how many people give out their SSN# to anyone who seems legitimate and asks. I never give them out, and you should not either. There is only one reason by law a company can have your SSN#, and that is for paying taxes. If your relationship with the organization does not include paying taxes, then refuse to give them your SSN#. If they deny services, you can sue; it is illegal for them to force you to give them your SSN#. This goes for colleges too: you don't have to give them your SSN#, and they will have to give you a different ID.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Welcome to what happens when IT grows instead of being designed. The same sort of issue is what causes a large retailer to use a 4 port Linksys hub as the central point of their network, what causes a major company to use an employee's backup machine as the webserver (leading to an outage when someone accidentally kicks a cable while listening to music), or what makes an email server out of an abandoned machine in a hallway (with power cords going to one office, network to another).
It's because it grows.
"We needed another email server, and..."
"We didn't have a web site, and..."
(I have no idea about the hub. I can say it was doing very well for the demand placed upon it.)
I've seen this far too much, usually when someone didn't plan, and someone else acted.
www.voiceofthehive.com - Beekeeping and Honeybees for those who don't.
My mother is one of the employees on the list. She told me that all of that sensitive info was stored on a laptop. Knowing that much, it's highly unlikely that the data was encrypted. Even a newbie system administrator should know that such data should be on a server that is in a locked, climate-controlled room with no windows. SAIC is lucky that their stock is not controlled by the market, because this sure casts doubt on their competence in computer security.
It seems that some of you are living under the delusion that it would be hard to run away with this kind of info. As a Financial Aid Advisor at a university I can tell you that with my database access, a database access that you can receive with a 6 dollar an hour work study position, you could run away with more than 50,000 SSNs, phone numbers, all the information posted on the FAFSA (which is pretty much a rehash of your tax return). I think screaming, WHY DIDN'T THEY HAVE THE SAFEGUARDS IN PLACE, is being pedantic. No one is doing anything to keep your info safe. I'm sorry.
The people who talked to the press didn't know if the data had been encrypted. At a quick guess, I'd say that if someone could say that it was encrypted that info would have been passed on to the PR geeks, so I'm betting 75/25 that the data was cleartext.
Free Software: Like love, it grows best when given away.
It should be noted that SAIC is the same company who just cratered on the FBI's new Virtual Case File software contract. The one that cost us $170 million dollars and is probably going to be thrown out and replaced with COTS software (which will probably cost millions more). SAIC is one of the elite cadre of companies that specialize in using political influence to land huge government contracts worth billions that they often never deliver anything worth a plugged nickel for. Some other big names: CSC, EDS, Lockheed, Boeing, Halliburton/KBR, Bechtel....
Virtual Case File was actually only 1/3 of a larger contract called Trilogy to modernize the FBI's computer systems. In total it's a $600 million dollar project and it kind of sounds like the 2/3rds of it CSC is doing isn't going a lot better.
I'm wagering this is just one of many case studies in the U.S. government squandering money in knee-jerk reactions after 9/11 that were awarded before any actual thought had been put into them. The contractors all make out like bandits though. Remember that when you see the $300-$400 billion budget deficits and the slash and burning of domestic spending to pay for "homeland security". It's open to debate if any of the billions that have been spent on "homeland security" have actually made the homeland more secure.
@de_machina
My last employer's payroll contractor suffered a break-in similar to this. It appears to have been an inside job, since whoever did it managed to bypass three locked doors, a security system, and two armed guards on the building's only entrance. It appeared that they were only after the hardware, but it was treated as ID theft because of the nature of the data it contained.
We were advised to put fraud alerts in with the credit reporting agencies, get copies of our reports, and then do it again in three months. No one ever used my ID information, but I'm still getting a credit report regularly just because there might be a copy floating around.
It's good to use your head, but not as a battering ram.
I've been with SAIC for 4 years now, started off good but now it pretty much sucks. This is the icing on the cake.. I'll wager NO ONE gets fired over this (the CFO and/or CTO should resign). There's not much accountability at SAIC, dumb people just get promoted. I'll be leaving soon, F'em.. and if I get ID theft because of this I'll be lining up to sue those stupid f%$k's.