The University of California
system has agreed to pay the U.S. Department of Energy
(DOE) a $2.8 million fine as a result of a security breach at Los Alamos National Laboratory
The university agreed to not challenge the fine and to “accept responsibility for the violations,” the DOE's National Nuclear Security Administration
(NNSA) said in a news release. The charges and subsequent fine stemmed from an incident in which a subcontractor's employee stole more than a thousand classified documents
and stored others on a USB drive in 2006.
The settlement is slightly less than the $3 million penalty the NNSA had imposed in September
on the university, which managed the New Mexico laboratory for the DOE until June 2006. A limited liability corporation called Los Alamos National Security, comprised of Bechtel National, BWX Technologies, the Washington Group International and the university system, now operates the lab.
The university system said in a statement that it "recognizes that further protections could and should have been provided to reduce the opportunity for the cited unauthorized removal."
Previously, the university had denied violating DOE security requirements because the employee who took classified information home worked for a lab subcontractor.
Jessica Lynn Quintana pleaded guilty to a misdemeanor
in U.S. District Court in Albuquerque, N.M., in May. Hired by the northern New Mexico laboratory to archive classified information, Quintana faces up to one year in jail, five years of probation and a $100,000 fine.
Quintana admitted that when she worked in a secure area at the lab on July 27, 2006, she printed pages of classified documents and downloaded classified data onto a USB drive. She carried the data home in a backpack to catch up on work scanning the documents, according to the U.S. Department of Justice. She was apprehended in a drug raid targeting another person sharing the trailer she lived in.
As SCMagazineUS.com reported in May, the theft of classified data forced Los Alamos to deploy a wide range of security policies. In addition to disabling USB ports and encrypting laptop hard drives, the lab has "significantly reduced risks in both cyber- and physical security [by] reducing and consolidating classified holdings,” a lab spokeswoman told SCMagazineUC.com.
In April, it warned employees that their identity may be at risk after the names and Social Security numbers of 550 lab workers were posted on a website operated by a subcontractor.