Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The US Department of Defense is facing a $4.9 billion class-action lawsuit stemming from the breach of computer backup tapes containing the personal information of nearly five million current and former US soldiers.
The data was stolen from unencrypted backup tapes stored inside a car.
The lawsuit was filed last week in US District Court in Washington by four individuals whose information was compromised.
It seeks $1000 in damages for all 4.9 million individuals affected by the incident.
The suit charges that defendants Tricare, a health insurance provider for military personnel and their families, as well as the Defense Department and Leon Panetta, the agency's secretary, violated individuals' privacy rights by failing to protect the stolen information from unauthorised disclosure.
The suit contends that the defendants failed to properly encrypt the data, then “intentionally, willfully and recklessly” allowed an untrained individual to access the information.
Making matters worse, the defendants then authorised this worker to take the data off government premises.
According to the suit, the defendants violated the US Privacy Act that governs the collection, maintenance, use and dissemination of personally identifiable information maintained by federal agencies, as well as other privacy laws.
The breach, first disclosed in late September, affected those who, from 1992 to 7 September this year, sought care at military treatment facilities in the San Antonio, Texas area.
The stolen data belonged to Tricare, but had been entrusted to Science Applications International Corp. (SAIC), a high-tech defense contractor.
The tapes were stolen from a SAIC employee's car. SAIC was not named as a defendant in the lawsuit.
The stolen data included Social Security numbers, addresses and phone numbers, in addition to health assets, such as clinical notes, lab test reports and prescription information.
The plaintiffs of the suit are an Air Force veteran, a military spouse and her two children, all of whom received insurance through Tricare.
Because of the breach, the defendants suffered emotionally and lost money as a result of having to purchase credit monitoring solutions.
Tricare downplayed the impact of the breach in September, noting that the risk of harm to affected individuals was “low” since retrieving data off the tapes would necessitate “knowledge of and access to specific hardware and software, and knowledge of the system and data structure.”
A Defense Department spokesman did not respond to a request for comment on Monday.
This article originally appeared at scmagasineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.