Davis: Agencies may be underreporting data losses
The most recent report of data loss is the theft of an Army computer containing personal information on 4,600 ROTC scholarship applicants, he said.
Editor's note:This story was updated at 10:20 a.m. Nov. 3. Please go to Corrections & Clarifications to see what has changed.
Rep. Tom Davis (R-Va.) says agencies may be underreporting their computer thefts.
During a luncheon address today at an Information Technology Association of America security conference at Computer Sciences Corp. headquarters in Falls Church, Va., Davis revealed the latest laptop computer theft as reported to the House Government Reform Committee, which he chairs: an Army computer that contained the Social Security numbers and personal information of 4,600 Reserve Officers Training Corps scholarship applicants.
Davis said this was the first theft the Army has reported. Other agencies that reported few thefts include the Justice Department, which reported two thefts, and the departments of Housing and Urban Development and State, which reported one theft each.
Davis said he wonders if the agencies were “lucky, good or maybe...incomplete in their reports.”
“Congress and the public wouldn't have learned about these events unless we went proactively at the information,” he said. “This history of withholding events needs to stop.”
He added that he would follow-up with agencies that reported few thefts to ensure that they properly reported losses.
The Army’s revelation comes three months after Davis introduced legislation to prevent data breaches. The Commerce Department has had the most reported data loss. It reported 1,138 missing laptops in the past five years, the majority of which belonged to the Census Bureau.
About half of Census' computers were lost because of employees who didn't return them when they stopped working there, Davis said.
Earlier at the conference, Karen Evans, administrator for e-government and IT at the Office of Management and Budget, said agencies reported a total of 338 incidents of personally identifiable information loss between July and Sept. 30.