TMCnet News
National Nuclear Security Administration Hacking May Date To 2004(Albuquerque Journal (NM) (KRT) Via Thomson Dialog NewsEdge) Jun. 13--ALBUQUERQUE, N.M. -- Hackers may have had the names, Social Security numbers and other personal data of 1,502 National Nuclear Security Administration workers since June 2004, more than a year before the computer break-in was discovered, the agency admitted Monday. The information was stolen from an NNSA computer at Kirtland Air Force Base, and nearly half of the workers, employed by the federal agency and its contractors, are from New Mexico, according to an agency spokesman. The theft was discovered in fall 2005 but did not become public until Friday at a congressional hearing. Senior agency managers scrambled to begin notifying the workers amid criticism that they should have been told sooner. NNSA spokesman Anson Franklin acknowledged Monday that the agency should have told workers sooner that their private information had been jeopardized. "It's clear that we waited too long," he said. He offered no reason for the delay. There is no federal notification requirement in a case like this, according to Marc Rotenberg, executive director of the Electronic Information and Privacy Center in Washington, D.C. Legislation to impose such a requirement failed in Congress last year. But the federal Privacy Act does require federal agencies to protect workers' private information, leaving NNSA vulnerable to lawsuits from affected workers, Rotenberg said Monday. A Department of Energy cyber security team uncovered the computer breach in August or September 2005, according to Franklin, discovering evidence of "an unusual data transmission" from one or more computers at the NNSA's Albuquerque Service Center, Franklin said. Franklin said the security team concluded the break-in could have happened as long ago as June 2004, more than a year before its discovery. News that the crime went undetected for so long drew a new round of criticism to the agency Monday. "I'm very concerned that this breach appears to have gone undetected for quite some time," Sen. Jeff Bingaman, D-N.M., said in a statement issued by his office late Monday afternoon. "But even when it was discovered, the NNSA did not take the appropriate action of notifying the employees whose personal information was compromised. This is clearly unacceptable, and we need both to hold people accountable and make sure this is fixed so it doesn't happen again." Located at Kirtland Air Force Base, the Service Center handles financial, legal and personnel matters for much of the U.S. nuclear weapons complex, including Sandia and Los Alamos national laboratories in New Mexico. Officials said no classified nuclear weapons information was taken. Publicity about the theft comes at a time of heightened concern about identity theft, in which criminals use names, Social Security numbers and other private data to steal people's money. In May, a thief stole a computer containing data on 26.5 million military veterans and active-duty members from the home of a Department of Veterans Affairs employee. In Yakima, Wash., last week, police searching a house as part of a burglary investigation found a 10-year-old paper list of the names and Social Security numbers of then-employees at the Department of Energy's Hanford site. DOE officials began notifying workers over the weekend. |