By Hope Yen
WASHINGTON -- The government agency charged with fighting identity
theft said Thursday it had lost two government laptops containing
sensitive personal data, the latest in a series of breaches
encompassing millions of people.
The Federal Trade Commission said it would provide free credit
monitoring for 110 people targeted for investigation whose names,
addresses, Social Security numbers and in some instances, financial
account numbers were taken from an FTC attorney's locked car.
The car theft occurred about 10 days ago. Many of the people whose
data were compromised were being investigated for possible fraud and
identity theft, said Joel Winston, associate director of the FTC's
Division of Privacy and Identity Theft Protection.
The disclosure comes amid a widening data breach that is expected to
cost the government hundreds of millions of dollars. In all, five
government agencies have reported data theft, including the Veterans
Affairs Department, which on May 22 acknowledged losing data on up to
26.5 million veterans.
At the Agriculture Department, a hacker who broke into the computer
system, obtaining names, Social Security numbers and photos of 26,000
Washington-area employees and contractors.
At Health and Human Services, personal information for nearly 17,000
Medicare beneficiaries may have been compromised in April when an
insurance company employee called up the data through a hotel computer
and failed to delete the file.
At Energy, Social Security numbers and other data for nearly 1,500
people working for the National Nuclear Security Administration may
have been compromised when a hacker gained entry to its computer
system last fall.
On Thursday, a House panel was cautioned that credit monitoring alone
may not be enough to protect Americans whose names, birth dates and
Social Security numbers were compromised at the hands of the
During the House hearing Thursday, Mike Cook, a co-founder of a
company specializing in data breaches, said identity-theft victims
typically don't become aware they've been hurt until six months after
their data was stolen, when creditors come calling for money owed.
At that point, it's likely the thieves will have moved on having made
just a few purchases so they don't attract notice and started using
another victim's information.
As a result, a credit monitoring service would raise a red flag after
it was too late, Cook said. He said data analysis technology was
available to help identity theft as it occurs, particularly in the
typical cases in which thieves use stolen identities to fraudulently
obtain credit cards and then make purchases.
Associated Press writer Libby Quaid contributed to this report.
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.