A laptop stolen from a government contractor last month contained names, addresses and Social Security numbers of more than 207,000 U.S. Army reservists, Krebsonsecurity.com has learned.
The U.S. Army Reserve Command began alerting affected reservists on May 7 via e-mail. Col. Jonathan Dahms, chief public affairs for the Army Reserve, said the personal data was contained on a CD-Rom in a laptop that was stolen from the Morrow, Ga. offices of Serco Inc., a government contractor based in Reston, Va.
The laptop was one of three stolen from the Serco offices, but it was the only one that contained sensitive personal information, Dahms said.
Serco held the data on reservists as part of its contract with the U.S. Army’s Family and Morale, Welfare and Recreation division. As a result, Dahms said, some of the data on the missing laptop may belong to dependents and spouses of U.S. Army reservists.
The e-mail sent to affected service members expresses regret over the incident, but offers little other consolation. From the letter:
The Army takes this loss very seriously and is reviewing current policies and practices with a view of determining what can or must be changed to preclude a similar occurrence in the future.
At a minimum, we will be providing additional training to personnel to ensure that they understand that personally identifiable information must at all times be treated in a manner that preserves and protects the confidentiality of the data.
Dahms said, however, that the Army is looking at further steps to protect the identities of those whose personal information was potentially exposed by the theft, although he declined to name any specific solutions.
“We did have an extensive meeting with all key staff at U.S. Army Reserve Command to see what we can implement to make sure our soldiers and families are protected,” he said.
More than seven million consumer records have been exposed in at least 264 data breaches so far this year, according to the latest figures from the Identity Theft Resource Center, a San Diego nonprofit. The ITRC has tallied some 38 other incidents of data loss or theft involving the government and/or the military so far this year, breaches that exposed nearly 300,000 records.