- The Washington Times - Saturday, July 21, 2007


Pentagon contractor SAIC Inc. may have compromised personal information about more than half a million military personnel and their relatives because it did not encrypt data transmitted online.

SAIC said yesterday it has not found any evidence that the information — names, addresses, birth dates, Social Security numbers and health information — was accessed by unauthorized people.

“But we can’t rule that possibility out,” said Melissa Koskovich, a spokeswoman for SAIC.

SAIC provides technical services for a health benefits program used by active military personnel, retirees and their families.

This is not SAIC’s first cyber-security problem.

In January 2005, thieves broke into a facility and stole computers containing names, Social Security numbers and other information about past and current employees, according to nonprofit consumer organization Privacy Rights Clearinghouse.

SAIC is investigating how the latest incident occurred with help from a third party it did not name. An unspecified number of employees were placed on administrative leave pending the outcome of the investigation, Ms. Koskovich said.

She could not say how long the probe would take.

SAIC said the problem occurred when it transmitted online, without encryption, information regarding 580,000 military households that is maintained on an unsecured server in Shalimar, Fla. A household may represent more than one person, the company said.

Cyber-security analyst Bob Schmid of the New York-based New Media Institute said when data is compromised at large corporations it is usually the result of internal technology lapses, not outsiders trying to break in.

“Some institutions are so very, very large that they don’t know where all their pieces are,” said Mr. Schmid.

The company said it was notified on May 29 by the U.S. Air Force in Europe that the branch detected an unsecured transmission of the information.

SAIC said it fixed the security problems and advised potentially affected people.

SAIC hired Kroll Inc., a subsidiary of Marsh & McLennan Companies Inc., to help military families deal with potential identify-theft issues, Ms. Koskovich said.

Bank of America analyst Gregory Wowkun said in a research note yesterday that SAIC told him that Kroll’s services would cost SAIC $7 million to $9 million in its fiscal second quarter. Mr. Wowkun reduced, by a penny, his estimate for SAIC’s second-quarter profit.

SAIC processes health information for military personnel under a contract with the Army, Navy, Air Force and Department of Homeland Security.

A spokesman for the Pentagon could not immediately comment on the security breach.

Shares of SAIC fell 5 cents to $18.30 yesterday.



Click to Read More

Click to Hide