Group items tagged

Hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and national identification numbers of 45,000 employees and retirees, a union leader says. Tom Waters, president of American Federation of State, County and Municipal Employees Local 3290, said FAA officials briefed union leaders Monday about the security breach. FAA spokeswoman Laura Brown confirmed the agency's computers were hacked last week. Story continues below ↓advertisement | your ad here Waters said union leaders were told hackers gained access to two files. One file had the names and Social Security numbers of 45,000 employees and retirees on the FAA's rolls as of February 2006. Social Security is the U.S. government-directed pension system, and in the absence of a national identity card, other people's social security numbers can be used to steal identities for illicit purposes. Waters said the other file contained medical information that was encrypted. "These government systems should be the best in the world, and apparently they are able to be compromised," said Waters, an FAA contracts attorney. "Our information technology systems people need to take a long hard look at themselves and their capabilities. This is malpractice in their world." FAA officials told union leaders the incident was the first of its kind at the agency. But Waters said his union complained about three or four years ago about an incident in which employees received anti-union mail that used names and addresses that appeared to be generated from FAA computer files.

Incident demonstrates that even agencies that put in security controls are still vulnerable The Federal Aviation Administration was doing such a good job at protecting data in its computer systems that the Office of Management and Budget chose it in January to be one of four agencies to guide other federal agencies in their cybersecurity efforts. Just a month later, FAA officials had to admit that hackers breached one of the agency's servers, stealing 48 files. Two of the files contained information on 45,000 current and former FAA employees, including sensitive information that could potentially make them vulnerable to identity theft. The security breach, although significant and potentially far reaching, is not necessarily a reflection on FAA's security measures. Rather, it demonstrates the problems of securing federal computer systems and difficulty in evading every potential attack. "Every agency is living through the same problems," but most are being less forthcoming about reporting them, said Alan Paller, director of the SANS institute. "FAA should get kudos for rapid action. Slamming them shows a complete lack of understanding about the state of security in federal agencies."