DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The DOJ Criminal Division’s Laptop Computer Encryption Program and Practices – Audit Report

Posted on April 2, 2010 by Dissent

From the summary of findings in The Criminal Division’s Laptop Computer Encryption Program and Practices, Audit Report 10-23, March 2010:

Criminal Division-Owned Laptop Computers

Our review found that of the 40 laptops we tested for encryption software, 10 did not have encryption, and 9 of those 10 did not have Windows passwords enabled. All of the unencrypted laptops were in one Criminal Division section, the International Criminal Investigative Training Assistance Program (ICITAP), and all of those laptops contained sensitive departmental data.

In addition to our testing of laptops for encryption, we found weaknesses in other areas of the Criminal Division’s laptop encryption program. We determined that at least 43 laptops did not comply with DOJ standards and Criminal Division requirements for laptop security settings. Also, documentation was not maintained to verify the successful installation of whole disk encryption software for all laptop computers. In addition, the Criminal Division was unable to produce an accurate inventory of the universe of laptop computers it owns from ARGIS, DOJ’s official property management system.

Non-Criminal Division-Owned Laptop Computers

We found serious deficiencies with the [Offices, Boards, and Divisions] OBD 47 contractor-owned laptops. Specifically, seven out of nine OBD 47 contractors we tested processed sensitive Department data on laptops without encryption.

In addition to our testing of contractor laptops for encryption, we found weaknesses in oversight of data security policies for the Criminal Division’s contractors. For both the Mega 3 and OBD 47 contracts, we found that these contracts did not have the required security clause requiring encryption, and the Criminal Division had not implemented alternative controls to compensate for the contract deficiencies.

The entire audit can be found here (pdf).

Category: Commentaries and AnalysesGovernment SectorOf Note

Post navigation

← NV: Washoe County School District notifies parents of stolen student info
BCBS of Tennessee still notifying individuals of breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.