NASA Breach Leads RoundupUnencrypted Laptop Stolen; Court Employees Indicted in Code Theft
In this week's breach roundup, the National Aeronautics and Space Administration is ramping up efforts to encrypt all laptops following the recent theft of an unencrypted device. Also, two former employees of the Alabama Administrative Office of the Courts were indicted for stealing the programming code for a court data system.
See Also: The Power and Scale of XDR
NASA Encrypting Laptops After Breach
The National Aeronautics and Space Administration is ramping up efforts to encrypt all laptops following the recent theft of an unencrypted device containing sensitive personal information.
Commenting on the Oct. 31 breach, NASA spokesman Michael Braukus tells Information Security Media Group: "Currently, it is estimated that 10,000 people have been affected, but the final number could be higher. Affected individuals identified to date include people who have applied for access to NASA information or facilities. The effort to identify all those who were affected is ongoing."
In an e-mail to employees, Richard Keegan Jr., NASA's associate deputy administrator, reveals that the laptop was stolen from an employee's locked vehicle. The device contained personally identifiable information on "a large number of NASA employees, contractors, and others," according to the e-mail, obtained by the news site SpaceRef.
Braukus offers further details: "The computer was password-protected, but some of the specific files were not encrypted as required by NASA policy," he says. "The hard drive also had not yet received the whole-disk encryption software as part of the ongoing agency-wide effort."
NASA is assessing whether the data breach resulted from any violations of the agency's security policy and procedures, Braukus adds. The organization is also offering those affected by the breach free credit monitoring and related services from ID Experts, the e-mail from Keegan states.
Court Employees Indicted for Stealing Code
Two former employees of the Alabama Administrative Office of the Courts were indicted for stealing the programming code for a sensitive court data system, according to the Justice Department.
The two employees, Michael David Carroll, 58, and Jill Hawthorne, 35, allegedly stole the code of the Namemaster database, which holds the court records, and also stole the digital blueprint, known as the schema, for how the database was constructed.
Carroll is the former director of information systems for the AOC, and Hawthorne is a former database administrator.
According to the indictment, Carroll and Hawthorne allegedly transferred the code and schema to an Orlando-based private software development company, CyberBest Technology Inc. They also allegedly facilitated the transfer of hundreds of thousands of Jefferson County, Ala., court records to CyberBest.
If convicted, Carroll and Hawthorne each face a maximum penalty of 10 years in prison and a $250,000 fine.
Lawsuit Against Gaming Site Dropped
A class action lawsuit against Valve Corp., developer of the online gaming platform Steam, has been dismissed by a federal judge because the plaintiffs failed to adequately plead damages.
Judge James L. Robart of the Western District of Washington dismissed the claims on Nov. 14, according to Data Privacy Monitor, a blog maintained by the BakerHostetler law group.
In November of 2011, Valve Corp. confirmed that it had suffered a data breach that may have exposed up to 35 million users to fraud. Gabe Newell, founder of Valve, said intruders obtained access to a database in addition to user forums. The database contained information including user names, hashed and salted passwords, game purchases, e-mail addresses, billing addresses and encrypted credit card information.
E-mail Error Exposes Taliban Mailing List
A Taliban spokesperson transmitting a press release accidentally made the names on its mailing list public, according to ABC News.
The error consisted of the sender CCing everyone on the list instead of using the BCC function, which keeps e-mail addresses private, the report said.
The list consisted of more than 400 recipients, most of whom are journalists. The Taliban, an Islamic fundamentalist militant movement, routinely sends out press releases to that mailing list, ABC reports.