Government Contractor Exposes Personal Data

by Doug Pollack

Network World recently published an article titled “Federal Workers Notified after SRA Virus Breach” about SRA, a 6,600 person federal government contractor, who recently reported a data breach.The breach was caused by a virus in their computer systems that exposed personal information including employee names, addresses, Social Security numbers, dates of birth and healthcare provider information as communicated by the company said in a notification posted at the Maryland Attorney General’s Web site.

“The breach is embarrassing for SRA, a 6,600-employee technology consulting company that sells cybersecurity and privacy services to the federal government. The company wouldn’t say which federal agencies were affected by the breach, but in U.S. Securities and Exchange Commission filings it lists intelligence agencies and those such as the U.S. Department of Defense, the U.S. Department of Homeland Security and the U.S. National Guard among its clients.”

While unfortunate for SRA and the federal workers whose personal information was compromised, this continues to provide a wake up call for organizations of all sizes that current security approaches and technologies are not a guarantee against the eventuality of a data breach. Organizations are increasingly turning to an outside privacy risk assessment to get an independent view as to their real risks of data breach.