Clinton White House data on missing National Archives drive

Share this article:
Updated Wednesday, May 20, 2009 at 5:37 p.m. EST

The National Archives and Records Administration (NARA) has lost an external hard drive that contained copies of sensitive data belonging to the Clinton administration, the agency confirmed Wednesday.  

The drive contains what is said to be a terabyte of data, including personally identifiable information of White House staff and visitors. NARA discovered that the hard drive was missing in early April 2009 and reported it to senior officials, including the inspector general (IG) of NARA, who started a criminal investigation into the breach, according to a statement sent from NARA to SCMagazineUS.com Wednesday.

The drive went missing sometime between October and March from the Archives facility in College Park, Md., the Associated Press reported, citing Reps. Edolphus Towns, D-N.Y., and Darrell Issa, R-Calif., who learned details of the breach from the NARA IG. The breach occurred when NARA was in the process of converting information from the Clinton administration to digital records. Before it went missing, the drive was placed on a shelf for an unspecified period of time in an area that could have been accessed by more than 100 individuals with official badge access and other visitors, janitors, interns and passers-by, the AP reported.

The NARA IG was not available Wednesday. A spokeswoman for the Archives said the agency could not provide any additional details or confirm those reported by the AP.

In a statement about the breach Towns said he is "deeply concerned about this serious security breach at the National Archives." 

"Therefore, I will hold separate members' briefings on ongoing investigations into this matter with the National Archives inspector general and the FBI, so committee members can begin to understand the magnitude of the security breach and all of the steps being taken to recover the lost information," Towns said.

NARA is preparing to issue a breach notification to affected individuals. In addition, NARA immediately undertook a review of internal controls and has implemented improved security processes, the agency said in the statement to SCMagazineUS.com.

“There are several ways this incident could be avoided and the case of the missing hard drive would be irrelevant,” Nick Nikols, vice president of security at Novell told SCMagazieUS.com in an email Wednesday. “Obviously, you could put it in a drawer, lock it in a cabinet, or hire honest people that don't have shifty eyes, etc. However, the key to this incident is mainly negligence and a false sense of security, a scenario many companies and government organizations experience.”

From a technology perspective, there are a plethora of solutions to solve this issue but, there is no technology that solves pure complacency, Nikols added.

Phil Lieberman, founder and CEO of Lieberman Software told SCMagazineUS.com in an email Wednesday that it's hard to determine the extent of risk exposure associated with this breach with the limited details that are known but given that these are mostly public figures, the extent of “private” information contained on the disk is probably limited.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.