The U.S. Department of Agriculture (USDA) announced this week that the identities of about 26,000 employees and contractors may have been compromised by the illegal hijacking of the agency's computer systems earlier this month.
This marks the fourth breach in two months to affect a government agency.
According to a USDA statement, forensics teams concluded they are "uncertain" whether the affected parties’ personal information was accessed, which prompted Wednesday’s announcement. Initially, the statement said, Agriculture Secretary Mike Johanns was told the confidential data had not been compromised.
The sensitive information includes names, Social Security numbers and photographs, the statement said.
"USDA information technology personnel were notified on June 5 of the suspicious computer network traffic and immediately took action to protect the administrative system that was breached," the statement said. "USDA takes very seriously its responsibility to appropriately safeguard our employees’ personal information and is working to prevent similar future incidents."
The department sent email notifications Wednesday to affected individuals. The messages contained information about the breach and a promise of one year of free credit monitoring, according to the statement. Letters also are scheduled to be sent.
On Thursday, the Federal Trade Commission revealed that two laptops, one containing the personal information of 110 people, some of whom are defendants in current and past FTC cases, were stolen from a locked car.
Earlier this month, the Department of Energy announced that a hacker obtained data belonging to the agency’s nuclear weapons agency last year, stealing the names and Social Security numbers of 1,500 department employees.
The data theft occurred at a National Nuclear Security Administration (NNSA) system in Albuquerque, N.M., according to published reports. None of the victims were notified.
That announcement followed the breach of the personal information of millions of current and former U.S. Armed Forced members.
A computer containing the data of 17.5 million victims was stolen from an employee’s home May 3 in Virginia. The Department of Veterans Affairs has said the employee violated department policy when he left the office with the laptop.
Gordon Rapkin, president and CEO of data security firm Protegrity, said government agencies and businesses are spending too much reactionary money.
"The cost of prevention would have been a fraction of the cost of credit monitoring," he said.
Rapkin recommends organizations focus as much attention on protecting data as they do securing the pathways to that sensitive information. Encryption, he said, is a key solution.
"Even if someone were to breach the application, breach the firewall, you lock down the data so it turns out to be lead," he said. "It’s not worth anything to them."