More and more often we are finding that our personal data is at risk. The latest two stories come from the US Navy and, earlier this week, at the University of Tennessee. Let's start with the Navy, since the personal information was posted on the web.
Personal records for every Navy and Marine Corps aviator or aircrew member who has logged flight hours in the past 20 years have been posted on a public Navy Web site for the past six months, compromising more than 100,000 Social Security numbers, the Navy Safety Center announced yesterday.
Investigators are working to determine how the records landed on the Navy Safety Center's Web site, which officials shut down Thursday after a member of the public reported finding the full names and Social Security numbers posted. Evelyn Odango, a spokeswoman for the safety center in Norfolk, said the list had been posted since December and appeared to be "inadvertent" and the result of "human error."
[...]The Government Accountability Office, the Agriculture Department, the Energy Department and the Internal Revenue Service all announced that they have had similar personal data compromised recently via Web site postings, Internet hackers and loss of electronic equipment. Two weeks ago, the Navy announced that personal information on 28,000 sailors and their family members was compromised when it appeared on a public Web site.
I gotta ask, why the hell did it take 6 months to realize this information was on the web? Don't they check the site on a regular basis? That seems to me to fall under basic maintenance.
From UT, the information was being accessed for a 9 month period!
A hacker broke into a University of Tennessee computer containing a database that held personal information about employees, but there is no indication the hacker accessed or used any of the information, officials said today.
The university is notifying employees and other individuals affiliated with UT that a computer hacker broke into a UT computer.
The hacker apparently used the computer to store and transmit movies without UT's authorization.
About 36,000 employees, student employees and others associated with the university were on the database that included names, addresses and Social Security numbers. Those on the database were employed by UT on or before August 2005.
The hackers' activities occurred during a nine-month period, from August 2005 to May 2006.
What is going on here? Why aren't databases con tining personal information being more closely monitored? Are hackers that sophisticated in what they are doing?
A few days ago I posted about the FBI consultant that used passwords (some obtained by consent), and hacking programs available on the internet to show the FBI where their short-comings were. If these programs are so readily available (which I have not searched for), you would think that IT workers would be aware of them, and use those programs to thwart hackers from breaking into their own computer systems. It sounds like a simple solution to me.