After a virus has been found running on the network

Feb 4, 2009 09:24 GMT  ·  By

A government security contractor is in the process of notifying its employees that their personal information may have been stolen after a virus has compromised the security of its network. As a precaution, the company is offering free enrollment with a credit monitoring service to its workers.

SRA International is a firm headquartered in Fairfax, Virginia, which provides and maintains communication and tracking systems for military organizations and law enforcement agencies. The company has an estimated 6,600 employees at international level.

The firm has announced the security breach in a letter (PDF) to the Maryland Office of the Attorney General, as required by the legislation in the state of Maryland. "The SRA Information Technology Services (ITS) team recently discovered a virus on the SRA network that may have allowed the compromise of data," the notification reads.

SRA International informs that an investigation has been immediately launched, and that appropriate law enforcement agencies have been notified. The outbreak is currently contained and the IT staff is in the course of cleaning the affected systems, the contractor also notes.

Even though there is yet no concrete evidence that the personal details of the employees have been accessed without authorization, the company admits that this is a possibility. The data is said to include names, addresses, dates of birth, Social Security Numbers, and even health information of people enrolled in the benefits programs.

In addition to offering a free non-mandatory subscription with a credit monitoring website, the firm has also set up a special Web page with information regarding identity theft protection procedures, as well as an e-mail address where further questions can be submitted.

"Security is of paramount importance to SRA, and there are numerous safeguards in place to protect information. SRA is implementing additional safeguards intended to prevent a similar incident from occurring in the future," Nicole Betancourt, senior corporate paralegal for SRA International, explains.

The fact that a government contractor that sells and maintains systems to the National Security market, amongst others, has suffered a security breach that has put sensitive information at risk might sound at least ironic. However, it stands as proof that no type of organization is protected from threats of this type. Security incidents that involve such contractors are even more dangerous, if the companies happen to handle or process governmental data.