A government laptop stolen from the home of a VA data analyst in 2006 contained Social Security numbers and other personal information for 26.5 million veterans and active duty troops.
A class action suit brought by veterans groups was later settled by the agency for $20 million.
“Several VA data breaches occurred before and after this big and expensive incident,” says Katie Johnson, a spokesperson for Awareity, a risk management company. “Most breaches could have been prevented.”
That big, expensive incident now ranks among the ten biggest-ever federal security breaches, according to a recent report from Government Executive.
The infamous WikiLeaks incident made the list, too. The government has charged Pfc. Bradley Manning with passing sensitive data to WikiLeaks, which has made some of the information public. Tim Brown, chief security architect at CA Technologies, says the leak “showed us that the insider is a direct line to sensitive data.”
In February 2009, hackers broke into the computer network of the Federal Aviation Administration and gained access to sensitive records, including personnel files of 45,000 FAA employees. President Obama responded by ordering a 60-day cybersecurity policy review. The incident “highlighted the necessity to defend computer networks from cyber intrusions,” noted the Center for Strategic and International Studies.
And, in March 2011, a foreign intelligence service stole 24,000 files, which likely were related to the development of new weapons, by hacking into the computer system of an unnamed Defense contractor.
“This incident is significant because of the volume of files compromised, the target, and the context in which it was revealed,” observes the Center for Strategic and International Studies.
The Pentagon disclosed the breach while introducing Defense’s new cyber strategy, which seeks to more aggressively identify and disrupt hackers before they strike.
Other incidents that made the top 10 include a 2010 attack by the computer worm Stuxnet, attacks on National Laboratories in July and the hacking of the U.S. Senate in June.