Cyber Thefts

Title: Laptop With Data On Millions Of Vets Stolen From VA Employee's Home
Date: May 22, 2006
Source: Government Executive 

Personal information, including Social Security numbers, of possibly every living U.S. veteran discharged since 1975 was stolen earlier this month from the home of a Veterans Affairs employee, the department announced Monday.

The employee took the electronic data without authorization, Veterans Affairs Secretary Jim Nicholson said. Sources said the employee, now placed on administrative leave, worked in the Policy and Planning Group at department headquarters and was performing a statistical analysis on the data as part of an annual department study on veteran population demographics.

The data also contained the names, dates of birth and some disability ratings for up to 26.5 million veterans and some of their spouses, according to a VA statement. The stolen data does not contain medical records, the department said, adding that the FBI and the department's inspector general have mounted investigations.

While the data does not appear to have been deliberately targeted in the theft, the VA is notifying all possibly affected veterans and setting up a special toll-free hotline, 1-800-333-4636. It has also set up a Web site.

VA is in the process of finalizing a contract with the General Services Administration for call-center operations to handle the toll-free calls, GSA spokeswoman M.J. Pizzella said. The department is preparing to spend up to $11 million on the contract, and call volumes could reach tens of thousands of calls per hour, a source said. Pizzella would not confirm those numbers.

The department could have avoided this had the employee followed departmental procedure, said Robert McFarland, who stepped down in April as VA assistant secretary for information and technology. Data removed from computer systems onto devices such as laptops should be encrypted, he said.

"If it was encrypted, then it's going to be useless to anybody, but [the department] doesn't say it was encrypted," he said. Sources said it's probable that the information had been kept in a legacy system that couldn't have been accessed online through a secure virtual private network connection, which is why the employee manually downloaded the data.

"There's a lot of old systems there," McFarland said.

This isn't the first time the department has run into trouble with misplaced veterans' data. In fall 2002, a VA medical center in Indianapolis sold and donated old computers without first wiping their hard drives clean. The new owners found medical information and credit card numbers on the discarded computers.

Sen. Larry Craig, R-Idaho, chairman of the Senate Veterans' Affairs Committee, said he will hold hearings on the latest incident, and may not wait until the investigation is complete before looking into the matter. "It is a phenomenally loud wake-up call to our government as it relates to how sensitive information is handled," he told Government Executive.

Rep. Steve Buyer, R-Ind., chairman of the House Veterans' Affairs Committee, released a statement saying his panel will likewise examine the incident, in "the context of previous data compromises."

VA officials have ordered all employees to complete a cybersecurity awareness and a privacy training course by June 30. In addition, the department is conducting an inventory and review of all positions requiring access to sensitive information. Employees with such access will have to undergo an updated background check (Government Executive, 2006).  

Title: Military Laptop Stolen From McDonald's As 'Army Captain Eats A Big Mac'
 April 12, 2008
 Daily Mail 

AbstractA military laptop was stolen from McDonald's as an army captain ate a Big Mac, it has emerged.

An opportunist thief snatched the £1,000 computer from under the captain's chair as he tucked in to a burger, according to the Sun.

Police have launched an investigation into the theft on April 1 from the fast food restaurant on Whitehall, near the Ministry of Defence.

The MoD has confirmed the incident, but said the computer contained no sensitive information and was encrypted.

A spokesman said: "The laptop contained no sensitive information and was encrypted with password protection.

"Police are still investigating the theft."

The theft was despite the Government tightening rules on employees taking their computers out of work after a series of data-loss scandals.

Personal details of more than 600,000 military recruits went missing in January when a MoD laptop was stolen from a car in Birmingham.

It has also emerged that around 600 MoD laptops and PCs had been stolen since 1998.

Whitehall staff are now banned from taking unencrypted laptops or drives containing personal data outside secured office premises (Daily Mail, 2008)

Title: More Than 700 MoD Laptops Lost Or Stolen
Date: July 18, 2008
Source: The Sunday Times

The Ministry of Defence has been accused of “shocking incompetence” after it was forced to admit that 747 laptops and 131 of its computer memory sticks have been lost or stolen in the past four years.

The latest admission is almost double the number of laptops the government department had already admitted to having stolen after a series of breaches of security.

The MoD also admitted that 26 portable memory sticks containing classified information had been either stolen or misplaced since January.

The Liberal Democrats condemned the latest security breaches, which happened despite a cross-Whitehall drive to tighten procedures, as evidence of incompetence.

Sarah Teather, Liberal Democrat MP for Brent East, said: “It seems that this Government simply cannot be trusted with keeping sensitive information safe.

“It is frightening to think that secret MoD information can be lost or stolen.

“How can they expect us to trust them to keep our personal information safe in their unnecessary and expensive ID card scheme?”

However, the MoD insisted that its policies were “generally fit for purpose”, and said all data losses were fully investigated.

At least three of the 26 laptops stolen this year contained information classified as “secret” and 19 had data which should have been “restricted”.

In January a Royal Navy computer was stolen that contained passport, National Insurance and driver’s licence numbers, family details and NHS numbers for about 153,000 people who applied to join the armed forces and banking details of around 3,700.

The breaches of data security by the MoD follow the exposure last year of a catastrophic failure to maintain privacy by HM Revenue & Customs when the department lost CD-Roms containing details of 25 million Britons.

The latest embarrassing details were disclosed by ministers in response to questions tabled in Parliament. Previously the MoD had confessed to 347 laptops being stolen between 2004 and 2007. But Defence Secretary Des Browne was forced to issue revised figures after “anomalies in the reporting process” were discovered.

The official total is now 658 laptops stolen, with another 89 lost. Just 32 have been recovered.

In a separate response, ministers said that 131 of the department’s USB memory sticks had been taken or misplaced since 2004.

Last month the MoD was heavily criticised by a review of its data procedures which warned that basic security discipline had been forgotten and there was “little awareness” of the danger of losing information.

But a spokeswoman for the department said today: “Any loss of data is investigated fully.

“The recent report on data losses by Sir Edmund Burton found that MoD policies and procedures are generally fit for purpose, but also identified a number of areas where MoD needs to do better in protecting personal data.

“MoD has developed, and is now working through, an action plan to address all of the report’s recommendations and bring the department’s handling of personal data to an acceptable state” (The Sunday Times, 2008).

Title: 28 MoD Laptops Stolen Since January As Figures Reveal One Goes Missing Every Five Days
Date: May 14, 2009
Source: Daily Mail 

Abstract: A laptop is going missing from the Ministry of Defence every five days, it emerged tonight.

Figures show 28 laptops were lost or stolen from the department since the start of the year, despite a ministerial assurance that 'robust procedures' are in place to 'mitigate against such circumstances'.

Between January 1 and May 11, 20 memory sticks and four personal computers also went missing from the MoD, while a ministerial special adviser also lost a BlackBerry.

In a written parliamentary reply, Armed Forces Minister Bob Ainsworth said: 'The MoD takes any loss of information and associated media storage devices very seriously and has robust procedures in place to mitigate against such occurrences.

'New processes, instructions and technological aids are also being implemented to mitigate human errors and raise awareness of every individual in the department.'

The MoD has come under scrutiny before over lost electrical devices, having lost 440 - including 217 laptops - in 2008 (Daily Mail, 2009)

Title: Stolen Laptop Holds Army Guard Members' Data
Date: August 5, 2009
Source: MSNBC

AbstractThe National Guard says about 131,000 former and current Army Guard members' personal data may be at risk because of the theft of a contractor's laptop.

Those who who could be affected will be notified with an official letter, said Randy Noller, a spokesman for the National Guard Bureau.

The laptop, owned by an Army Guard contractor was stolen July 27, Noller said. The computer holds personal information on soldiers enrolled in the Army National Guard Bonus and Incentives Program. The data includes names, Social Security numbers, incentive payment amounts and payment dates

The National Guard Bureau has set up a special Web page, and the Army Guard has a toll-free call center available from 7 a.m. to 11 p.m. EST, Monday through Friday at 877-481-4957.

The Web site provides steps on how to check credit reports, how to guard against identity theft and who to call if a guard member believes any fraudulent activity occurs with his or her personal information.

Noller told military newspaper Stars and Stripes that officials don’t have any indication yet that the information has been used to open new credit cards or go after soldiers’ bank accounts.

“At least for now, it just looks like somebody wanted to steal a laptop,” he told the newspaper “There’s no evidence that anything has been compromised, but we didn’t want to wait to notify our members about the possible threat” (MSNBC, 2009).

Title: Another Breach: Military Laptop Stolen
Date: December 17, 2009
Source: CNN

The personal records of thousands of soldiers, employees and their families were potentially exposed after a laptop computer containing the information was stolen over the Thanksgiving holiday weekend, the military says.

But information security experts for the Army say it's unlikely that the information will be compromised because the data are guarded by three layers of security and encryption passwords.

The security breach happened when the rental apartment of an employee with the Morale, Welfare, and Recreation Academy was burglarized in Clermont, Florida, officials said. The theft was reported to local police November 28, but the military was not notified until the employee returned to work three days later.

Military officials say the employee was using the laptop for remote training courses, and it has not been determined whether any protocol was breached.

The computer contained "names and personally identifiable information for slightly more than 42,000 Fort Belvoir Morale, Welfare and Recreation patrons," according to a posting on the Web site for the fort, which is in Virginia.

CNN obtained the notification letter sent, almost two weeks later, to those affected. It says, in part, that the alleged compromised  information "includes your name, Social Security number, home address, date of birth, encrypted credit card information, personal e-mail address, personal telephone numbers, and family member information."

The letter recommends steps to guard against the possibility of identity theft.

The military says the lag in notification time was because of a policy requiring risk assessment before alerting those affected.

The Family and Morale, Welfare, and Recreation Command operates facilities such as child care centers, bowling centers and outdoor recreation facilities. Those facilities are available to anyone with a military ID, which includes active-duty troops, Department of Defense civilians, family members and retirees.

This isn't the first time a missing laptop has resulted in a potential security breach for the military.

In 2006, a Veterans Affairs Department analyst lost a laptop computer that contained the Social Security numbers and other personal data for more than 26 million veterans and active duty troops.

That incident, in addition to other major data breaches, prompted a national call for protection of personal information. A bill currently under consideration in the Senate would put more protections in place (CNN, 2009)

Title: Thousands Of Laptops Stolen During 9-hour Heist
Date: July 13, 2010
Source: CBS News

Abstract: Thousands of laptops have been stolen from the Florida office of a private contractor for the U.S. military's Special Operations Command. Surveillance cameras caught up to seven people loading the computers into two trucks for nine hours. U.S. Special Operations Command coordinates the activities of elite units from the Army, Navy, Air Force and Marines

A spokeswoman said Tuesday that none of the stolen laptops contained military information or software. The Virginia-based company iGov was awarded a $450 million contract earlier this year to supply mobile technology services linking special operations troops worldwide. A company executive says iGov is cooperating with authorities and the March 6 break-in at its Tampa facility remains under investigation (CBS News, 2010).

Title: Laptop With Artwork For Super Bowl Credentials Is Stolen
Date: January 15, 2011

AbstractA laptop computer containing NFL and Super Bowl XLV artwork that was to be used on credentials was stolen 
(Star-Telegram, 2011)

Title: NFL Laptops With Encryption Software Stolen
Date: January 30, 2011
Alertsec Express 

AbstractTwo more National Football League (NFL) employee’s laptops have been stolen at the Dallas Convention Center on Sunday. The stolen laptops belonged to a private investigator and a security consultant based in California…These laptops not only stored sensitive information but also not protected with encryption software...A similar incident happened earlier this month...According to Arlington police, several thumb drives and security credential artwork were also stolen with the laptop 
(Alertsec Xpress, 2011).

Title: Man Charged In $7.4M Military-Laptop Theft
Date: February 17, 2011
Source: UPI

The alleged ringleader of a $7.4 million theft of military laptops was arrested after a McDonald's drive-through camera took his video, Florida police said.

Rolando Coca, 55, the reputed head of a Miami crime family, allegedly drove to a Tampa McDonald's restaurant midway through the 10-hour heist of U.S. military contractor iGov Technologies Inc., and the restaurant's security camera recorded his face, red Lincoln Navigator and the sport utility vehicle's license plate, Hillsborough County, Fla., Sheriff David Gee said.

"That's really one of the things that broke the case for us," Gee said at a news conference.

FBI officials already investigating Coca in connection with other cargo thefts immediately recognized him on the video and arrested him in the Miami area Jan. 25, Gee said, The St. Petersburg (Fla.) Times reported.

Coca allegedly masterminded the March 6 heist, in which two men climbed a ladder, cut a hole in iGov's roof, rappelled two stories down into the warehouse and cut the security systems, Gee said.

About 10 people who later arrived for the overnight burglary started loading the laptops into two semitrailer trucks that later headed for Miami, a popular hub for stolen cargo, he said.

"This was very choreographed and conducted at a very high skill level," Gee said. "They've obviously done this before."

Authorities recovered nearly 2,000 laptops, worth about $4.7 million, in an abandoned Miami warehouse and found other computers in smaller quantities on the eBay online auction Web site and

The FBI separately arrested suspect Emil Benitez in a sting shortly after the alleged robbery when agents set up a deal to pay $50,000 for some of the laptops, the Times reported.

Benitez was sentenced to two years in federal prison in August.

The laptops contained no sensitive information, military officials said (UPI, 2011).

Title: DC Police Seeking 5 People In Computer Equipment Burglary At Brightwood Elementary School
November 28, 2012
My Fox DC

Police in Washington are asking for the public's help in identifying five people who stole computer equipment from a city school.

The Metropolitan Police Department says the burglary happened Friday at the Brightwood Elementary School in northwest Washington.

Schools were closed Friday in the city for the Thanksgiving holiday, but police say that just after 1 p.m. five people entered the school and carried off several pieces of computer equipment.

Police released a video showing the five walking down a corridor in the school, all of them wearing what appeared to be hooded sweatshirts or jackets (My Fox DC, 2012).