Reports have recently surfaced that the US National Archives recently lost over a terabyte of personal information on an unencrypted hard disk drive. This information is said to have contained highly sensitive details such as social security numbers, personal addresses and also highly classified procedural data regarding White house and secret service operations.

Reportedly, this disk went missing some time ago during building renovations and the FBI is apparently only now conducting a criminal investigation, even though reports state that the drive went missing over 5 month period.
This could essentially make it impossible to track down the source of the loss, and it also begs the question to be asked – “Why did it take so long to notice?”

Statistically speaking, a one terabyte hard drive could contain information on over half a million citizens and for security reasons; the National Archives are not being fully transparent as to the full details of this loss.
This is just another example of how governments continue to fail with nonsensical approach to data security. The fact at the matter is that the Information security professionals responsible for the US national archives should be held partially responsible for this loss.

Security experts have publically deplored the loss stating that there is no reason why a government department such as the National Archives should not have rugged security policy. The above-mentioned breach is illustrative of something a small company may suffer from, but given the sensitivity of the data on this device, some level of disk encryption should have been used as a precautionary measure.

This is just an example of how there is very little in the way of laws to protect sensitive data. Whilst the government managed to lose 1TB this time, it is not the first time that data has been lost or stolen.

It will also not be the last.