Ryan Singel reports:
The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of million of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data.
At issue is a hard drive that helped power eVetRecs, the system veterans use to request copies of their health records and discharge papers. When the drive failed in November of last year, the agency returned the drive to GMRI, the contractor that sold it to them, for repair. GMRI determined it couldn’t be fixed, and ultimately passed it to another firm to be recycled.
The incident was reported to NARA’s inspector general by Hank Bellomy, a NARA IT manager, who charges that the move put 70 million veterans at risk of identity theft, and that NARA’s practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America’s record-keeping agency.
Read more on Threat Level.