The 2012 political races were dominated by a debate about the “makers” vs. the “takers” among the American electorate.
But it was government agencies themselves that were taken—by hackers, security flaws and employee ineptitude.
Government agencies, from small county election boards to NASA, suffered data breaches. In fact, our federal and state governments have lost more than 94 million data records in the past four years, according to a recent report.
Here are the year’s 10 worst government data breaches:
Houston, we have a problem. A laptop used by an employee at NASA’s Washington, D.C., headquarters was stolen from a parked car. The laptop was password-protected, but it contained unencrypted files of more than 10,000 NASA employees. Their information—names, birth dates, SSNs and background check details—was compromised. The space agency is reviewing its security policies.
9. North Carolina
Five password-protected laptops went missing from the Robeson County Board of Elections in Lumberton over the summer. Information on 71,000 voters was jeopardized. The computers were found, but it’s unclear if the information fell into the wrong hands. Impacted voters were encouraged to monitor their accounts and activate a free 90-day fraud alert.
A hacker group calling itself SpexSec hijacked 110,000 records that included names, SSNs and other personal information from the Clarksville-Montgomery County School System in mid-June. Current and former employees and students were impacted. The group claimed it had warned the school to adhere to basic network security policies.
The Wisconsin Department of Revenue mistakenly posted the Social Security and tax identification numbers of more than 110,000 people and businesses to a public website for three months. The incident marks a disturbing trend for the badger state: It’s the fourth time since 2009 that state agencies were involved in the public release of SSNs.
6. U.S. Navy
Hackers gained access to the U.S. Navy’s Smart Web Move system, which contains information on household moves within the Navy. The private information of 200,000 Navy personnel was compromised, although evidence showed that only 20 records were exposed online. Smart Web Move was taken offline permanently. The Navy already had plans to begin using another system.
5. South Carolina
In April, this state’s Department of Health & Human Services reported a data breach affecting 228,435 Medicaid beneficiaries. A former employee was arrested after stealing the records via email. The information included patient names, phone numbers, addresses, birth dates and Medicaid ID numbers, which contain the patient’s SSN.
The personal information of more than 700,000 home-care providers and recipients was compromised when payroll data was lost in the mail. The state Department of Social Services contracted with Hewlett Packard to handle some of its payroll data. Hewlett Packard mailed a package containing names, SSNs and wages that was damaged in transit.
Eastern European hackers pulled 780,000 Medicaid records from servers at Utah’s Department of Technology Services. In addition to Medicaid patients, recipients of the state’s Children’s Health Insurance Program were affected, which makes this case particularly troubling. Child identity theft often is discovered when the victim is an adult. It can lead to long-term financial repercussions.
Once again, state contractors played fast and loose with government information when several computer systems shipped by IBM to Iron Mountain in Colorado went missing. Roughly 800,000 adults and children in the state’s Department of Child Support Services were impacted when the devices containing their names, SSNs and other information were lost in transit.
1. South Carolina
The largest cyber attack against a state government put three-quarters of the state’s population at risk for identity fraud. A hacker stole a database from the state’s Department of Revenue, exposing 3.6 million SSNs and 387,000 payment card records. More than 657,000 businesses also were compromised.
Governments are far from immune to data breaches, so it’s on you to stay vigilant:
• Monitor your credit reports for fraudulent activity. Visit annualcreditreport.com to get a free copy from each of the three major credit bureaus.
• If you think you’re information was breached, place a fraud alert on those credit reports, so you’re alerted to any suspicious activity.
If you suspect your identity has been compromised, call your bank, credit union, insurer or membership organization. They may offer identity theft protection.
This article originally appeared on the Identity Theft 911 Blog.
Image: Marxchivist, via Flickr