Information On 580,000 Military Personnel At Risk

Identifying information on more than half a million uniformed military personnel and their families was compromised by a military contractor.

Science Applications International Corp. (SAIC), a Fortune 500 tech-services provider, released an advisory late last week that the company is notifying about 580,000 households, some with more than one affected person. The information, according to the release, was transmitted over the Internet without being encrypted.

"We deeply regret this security failure and I want to extend our apologies to those affected by it," said Chairman and CEO Ken Dahlberg, in a written statement. "We are concerned about the inconvenience and risk of potential compromise of personal information this may cause. The security failure is completely unacceptable and occurred as a result of clear violations of SAIC's strong internal IT security policies.""

SAIC reported that it has forensic investigators trying to figure out if anyone actually grabbed any of the unencrypted information, adding that "the possibility cannot be ruled out."

The information was stored on a single, SAIC-owned, non-secure server at a small SAIC location, and in some cases was transmitted over the Internet in an unencrypted form, according to the release. The contracts were with customers in the departments of the Army, Navy, Air Force, and Homeland Security. The work was being done in connection with Tricare, the health benefits program for those in the uniformed services, retirees, and their families.

SAIC reported that the personal information at risk varies by individual, but could include combinations of names, addresses, Social Security numbers, birth dates, and limited health information in the form of codes. "We deeply regret this lapse," wrote Dahlberg in an open letter posted to the company's Web site. "I offer my personal apology to those service members and their families who may be affected by this, and to the customers who did not receive from SAIC the high level of performance they have learned to expect and deserve. Our focus now is on providing support to those persons who may be affected by this, and to vigorous internal efforts to make sure that such a lapse does not recur."

The release also noted that the contractor has launched an internal investigation using outside counsel to figure out how the breach occurred, and "a number of employees" were placed on administrative leave.