Agencies have reported hundreds of wide-ranging incidents involving the loss or compromise of sensitive personal information through their components or contractors stretching back to January 2003, according to a report on data breaches compiled by the House Government Reform Committee.
The report said that while agency responses to data losses vary widely — indeed most of them would not have been made public had the committee not requested the information — that Veterans Identity and Credit Security Act of 2006, recently passed in the House, would standardize that reporting process.
Among the conclusions drawn in the report are that data loss is a government-wide occurrence, agencies often do not know what was lost and don’t track possible losses, and contractors are responsible for many of the reported breaches.
The report also emphasized the need for physical security, saying that the vast majority of data losses arose from physical thefts of portable computers, drives, and disks or, unauthorized use of data by employees.
Among the causes of data losses are employee carelessness, contractor misconduct, and third-party thefts, the report said, adding that the scores that the committee gives to agencies each year on information security remained low or dropped sharply and that the federal government overall received a D-plus.
