Slashdot Mirror
Identity Theft of Many SAIC Employees
Rick Zeman writes "In the wake of the Geoge Mason University identity theft comes another: SAIC, an employee-owned company, has had a break-in which '...netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees.' These employees include anyone who's owned SAIC stock, and since it's an employee-owned company, that's most of them, including 'some of the nation's most influential former military and intelligence officials.'"
I am getting SAIC of these criminals who steal identities and of the companies that help them. For our SAIC, companies who have such personal information & fail to secure it should be sued. I realize that is SAICriligious, but I don't care any more. Finding these criminals will be like looking for a needle in the haySAIC.
One of my parents may have had their identity stolen in this incident. I sure hope not, but in any case... what now? What can be done to prevent the stolen numbers from being used illegitimately?
"We are the Dyslexia of Borg. Your ass will be laminated. Futility is resistant."
So am I crazy, or shoudl these desktop machines not even be HOLDING this kind of data? Sensitive information (all business-related data in my opinion) belongs on the server, not on individual machiens. The server belongs in a secured, protected space. You should be able to lose all of your "personal" computers and only have the inconvenience of setting up new computers for those users. I would say that loss is the fault of poor IT practices.
Time is the quality of nature that keeps events from happening all at once. Lately it doesn't seem to be working. -Anon
Break-In At SAIC Risks ID Theft Computers Held Personal Data on Employee-Owners
By Griff Witte
Washington Post Staff Writer
Saturday, February 12, 2005; Page E01
Some of the nation's most influential former military and intelligence officials have been informed in recent days that they are at risk of identity theft after a break-in at a major government contractor netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees.
The contractor, employee-owned Science Applications International Corp. of San Diego, handles sensitive government contracts, including many in information security. It has a reputation for hiring Washington's most powerful figures when they leave the government, and its payroll has been studded with former secretaries of defense, CIA directors and White House counterterrorism advisers.
Those former officials -- along with the rest of a 45,000-person workforce in which a significant percentage of employees hold government security clearances -- were informed last week that their private information may have been breached and they need to take steps to protect themselves from fraud.
David Kay, who was chief weapons inspector in Iraq after nearly a decade as an executive at SAIC, said he has devoted more than a dozen hours to shutting down accounts and safeguarding his finances. He said the successful theft of personal data, by thieves who smashed windows to gain access, does not speak well of a company that is devoted to keeping the government's secrets secure.
"I just find it unexplainable how anyone could be so casual with such vital information. It's not like we're just now learning that identity theft is a problem," said Kay, who lives in Northern Virginia.
About 16,000 SAIC employees work in the Washington area.
Bobby Ray Inman, former deputy director of the CIA and a former director at SAIC, agreed. "It's worrisome," said Inman, who also received notification of the theft last week. "If the security is sloppy, it raises questions."
Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed. Haddad said the company does not know whether the thieves targeted specific computers containing employee information or if they were simply after hardware to sell for cash. In either case, the company is taking no chances.
"We're taking this extremely seriously," Haddad said. "It's certainly not something that would reflect well on any company, let alone a company that's involved in information security. But what can I say? We're doing everything we can to get to the bottom of it."
Gary Hassen of the San Diego Police Department said there were "no leads."
Haddad said surveillance cameras are in the building where the theft took place, but he did not know whether they caught the perpetrators on tape. He also did not know whether the information that was on the pilfered computers had been encrypted.
The stolen information included names, Social Security numbers, addresses, telephone numbers and records of financial transactions. It was stored in a database of past and present SAIC stockholders. SAIC is one of the nation's largest employee-owned companies, with workers each receiving the option to buy SAIC stock through an internal brokerage division known as Bull Inc.
Haddad said the company has been trying through letters and e-mails to get in touch with everyone who has held company stock within the past decade, though he acknowledged that hasn't been easy since many have since left the company.
He said the company would take steps to ensure stockholder information is better protected in the future, but he declined to be specific.
The theft comes at a time when the company, which depends on the federal government for more
The company has actually been very responsive to this. They sent out a mass email immediately and created a site of what happened and what to do on the company intranet two days later. They have issued updates, police reports, etc. nearly every day since.
I've occaisionally had issue with the company's size keeping it from being responsive, but this is one thing that got picked up very quickly.
They better start taking a good close look at their own...
People say I'm crazy, I got diamonds on the soles of my shoes...
Notice the irony:
"The contractor, employee-owned Science Applications International Corp. of San Diego, handles sensitive government contracts, including many in information security."
Are we sure it's only the personal data that was compromised? One would be more worried about what *else* was uncovered by whoever-did-this.
"Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed."
Or is it the case that break-in was *detected* only in one of the buildings? They had to smash windows of the administrative building, to get the keys of the others?
'some of the nation's most influential former military and intelligence officials.'
Maybe this is just the thing we need to make people get serious about privacy.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
He said the successful theft of personal data, by thieves who smashed windows to gain access
It looks like Microsoft will be blamed again!
One man's Funny is another man's Offtopic.
This is not identity theft (yet, anyway)... Stealing people's private data is a breach of security, but it doesn't become identity theft until that data is used in a fraudulent way.
Someone downthread asked how you can protect yourself... You can't protect your data on someone's system from being stolen, but you can make sure that no one is using your data. Keep track of your credit card bills and reiew your credit report (you can get those for free if you try) and you should be OK.
The difference is between someone looking into your apartment with binoculars when you change, and someone raping you.
Ecce Europa - Web Design for Business
Maybe it is time the Government tossed some heavy regulation out to require better e-security.
Maybe if you RTFA you would realize that e-security had nothing to do with it.
These computers were physically stolen. e-security would not have done a damn thing. physical security was, and is, the most fundamental thing that can be implemented.
Mit der Dummheit kämpfen Götter selbst vergebens.
It seems that some of you are living under the delusion that it would be hard to run away with this kind of info. As a Financial Aid Advisor at a university i can tell you that with my database access, a database access that you can recieve with an 6 doller an hour work study position, you could run away with more than 50,000 ssn, phone numbers, all the information posted on the FAFSA (which is pretty much a rehash of your tax return) I think screaming, WHY DIDN'T THEY HAVE THE SAFEGUARDS IN PLACE, is being pedantic. noone is doing anything to keep your info safe. I'm sorry.
There is only one reason by law a company can have your SSN#, and that is for paying taxes. If your relationship with the organization does not include paying taxes, then refuse to give them your SSN#. If they deny services, you can sue, it is illegal for them to force you to give them your SSN#.
Could you give some sources? I don't believe that your statement is generally true. It's true that there are only a few cases where you are required by law to give out your SSN (the N stands for Number, by the way--a SSN# is like an ATM Machine). However, that doesn't necessarily mean that it's illegal for other companies to ask for your SSN, or refuse you service if you don't give it out. All the sources I can find (this one for example) say that in most cases the most you can do is take your business elsewhere. Some states have laws preventing refusal of service in specific cases (such as utilities), but in general you have no recourse but to complain and/or go elsewhere.
Before people take your advice and start threatening to sue everyone for violating a law, they should make sure the law actually exists where they are and applies to their situation--otherwise they'll just end up looking looking silly. Besides, it's always much more effective to be able to quote a specific law a company is breaking instead of just making vague claims of illegality.
The people who talked to the press didn't know if the data had been encrypted. At a quick guess, I'd say that if someone could say that it was encrypted that info would have been passed on to the PR geeks, so I'm betting 75/25 that the data was cleartext.
Free Software: Like love, it grows best when given away.
Surely they can't be a security-by-obscurity magic code that is used both as an identifier and as a password, so that possession of this single piece of information permits identity theft?
Of course they can! It's stupid, but there you have it.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Having worked for them, I have to say I have already received a letter but if anything happens, I am holding them liable to maintaining the security of my personal information for any loss. If they aren't in the position to hold it securely and with respect then they should expect some grumbling for present and past employees.
I won't touch on my experience while working for them. I find the whole ownership thing to be overrated but that's me.
i've been with SAIC for 4 years now, started off good but now it pretty much sucks. This is the icing on the cake.. i'll wager NO ONE gets fired over this (the CFO and/or CTO should resign). There's not much accountability at SAIC, dumb people just get promoted. I'll be leaving soon, F'em.. and if i get ID theft becuase of this i'll be lining up to sue those stupid f%$k's.