Bryan Bender has a piece in The Boston Globe about the TRICARE/SAIC breach last December. The story doesn’t shed any new light on the breach, and I am still waiting for Rep. Ed Markey to release the response he got from TRICARE to a letter he had sent them (his staff assures me he will be releasing it soon).
But what really caught my eye in his story was this part:
The contractor “has experienced no fewer than six security failures” since 2005 involving privacy data, the suit alleges, including a break-in at a company facility in California in 2005 in which the Social Security numbers and financial transactions of 45,000 top military and intelligence officials were stolen.
Two years later, the company announced that the health records of nearly 900,000 soldiers, their family members, and other government employees were compromised when they were transmitted online without encryption.
“We don’t know what specific instances that they are talking about, whether they are SAIC, whether they might be a vendor of some kind to us, and we don’t want to get into a dialogue about pending litigation,” said Vernon Guidry, a spokesman for Science Applications International Corp., also known by its acronym.
SAIC doesn’t know what the six specific instances were? Let me help. None of those reported incidents involved vendors – or if they did, SAIC failed to disclose that.
Or perhaps SAIC really meant to say that they don’t know which six instances Rep. Markey was referring to? How many other data security breaches have they had that were not discovered by us in the course of checking media sources and available reports from states?
Those affected by SAIC breaches may be understandably upset. What is not so understandable is why SAIC continues to get huge government contracts if there is a history of data breaches. Yes, any company can experience a breach, but these often involve big numbers and Congress should be asking whether taxpayer dollars are being spent wisely.