Hackers Crack FAA Employee Data

The personal information of more than 45,000 Federal Aviation Administration employees and retirees was exposed to possible identity theft. FAA reports that the hacked server was not connected to the air traffic control system or any other FAA operational system.

Just a day after President Obama ordered a comprehensive review of the government's cyber-security systems, the Federal Aviation Administration reported Feb. 10 that hackers illegally accessed an agency computer and stole employee personal identity information. The FAA said in a statement that the hacked server was not connected to the operation of the air traffic control system or any other FAA operational system.
According to the FAA, two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006. All affected employees will receive individual letters to notify them about the breach.
"The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information," stated the FAA. "The agency is also providing a toll-free number and information on the employee website for those who believe they may be affected by the breach."
The FAA did not state when the breached occurred. The FAA was not immediately available for further comment.
The number of reported data breaches in the United States jumped nearly 50 percent in 2008, according to the Identity Theft Resource Center. All totaled, there were 656 breaches reported last year, up from 446 in 2007. The breaches led to nearly 35.7 million records being exposed.
According to the IRTC, only 2.4 percent of all the data breaches had the information secured by encryption or other strong protection methods. Just 8.5 percent had the exposed data protected by passwords.

"Our sense is that two things are happening-the criminal population is stealing more data from companies and that we are hearing more about the breaches," the ITRC said in a statement. "ITRC has been tracking breaches since 2001. One thing we absolutely can say is that [data breaches are] not a new problem."

Heading Obama's 60-day cyber-security review will be Melissa Hathaway, who served as the cyber-security coordinator executive under Mike McConnell, former President Bush's director of National Intelligence. The review will cover all of the government's cyber-security plans, programs and activities.

"The national security and economic health of the United States depend on the security, stability and integrity of our nation's cyberspace, both in the public and private sectors," John Brennan, assistant to the president for Counterterrorism and Homeland Security, said in a White House statement. "The President is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties."