The U.S. Federal Aviation Administration has issued a press release announcing a serious data theft incident on one of its servers. The agency is in the process of notifying some 45,000 employees, whose personal details have been electronically stolen.
The Federal Aviation Administration is part of the U.S. Department of Transportation and is responsible with regulating the civil aviation by releasing standards and operating traffic control systems for both the civil and military aviation.
The agency notes that unidentified attackers have obtained unauthorized access to one of its computer servers. Amongst the 48 files stored on the system that were accessed, two contained personal information about people who had been on the agency's payroll for the last three years. This amounts to an impressive number of 45,000 employees.
The press release fails to specify when the security breach occurred or was discovered, but notes that "the FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information."
As required by law, the agency is sending out notification letters to all of its employees. The statements point out that a toll free number, as well as a website containing information on identity theft protection have also been set up for concerned individuals.
The FAA notes that the security of its air traffic control system has not been compromised as a result of this incident. "The server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system, and the FAA has no indication those systems have been compromised in any way," is specified in the press release. The agency is assisting law enforcement agencies with the investigation into the security breach.
Data theft incidents affecting government institutions don't occur as frequently as in the private sector, but they are not uncommon. We previously reported about not one, but three USB hard drives being stolen from the Royal Air Force Base in Innsworth, UK. The drives contained personal details of active and retired military personnel. The incident affected an estimated number of 50,000 individuals who served in the Royal Air Force.
Government institutions don't only have problems with securing the information of their own employees, but also of the general public. A recent audit performed by the Government Accountability Office regarding the security of the computer network of the Internal Revenue Service (IRS) concluded that taxpayer information was being put at risk due to various weaknesses found. Another audit performed last year by the Treasury Inspector General for Tax Administration (TIGTA), revealed 2,093 insecure web servers on the IRS network.