Sensitive Navy info on 28,000 turns up on insecure Web site

WASHINGTON — Navy officials discovered personal data for nearly 28,000 sailors and family members was compromised when it appeared on a public Web site this week, fueling more concerns about the security of sensitive information on federal employees.

Five spreadsheet files of data — including names, birth dates and Social Security numbers of sailors and their relatives — were found exposed on a Web site Thursday night during routine internal sweeps of the Internet for sensitive material, said Lt. Justin Cole, a spokesman for the Chief of Naval Personnel. He said the material was removed from the site within two hours.

"It was information you don't want on a public Web site," Cole said. "But there was no indication it was being used for illegal purposes."

The potential security breach is one of several such losses of important personal data reported in Washington in recent weeks, part of an unusual string of thefts and Internet breaches that has compromised information belonging to millions of federal workers. Four other federal agencies have reported similar problems since early May.

The largest breach came May 9, when a Veterans Affairs laptop and external hard drive were stolen from a Maryland home, a theft that officials said included the personal information of up to 26.5 million veterans and active-duty military personnel. There was no indication the theft was targeting that information.

This week, the Agriculture Department reported that up to 26,000 employees had their data compromised by a hacker. A laptop containing data for 13,000 DC workers and retirees was stolen last week. The Energy Department reported this month that similar data for 1,500 employees might have been accessed by a hacker in September, and IRS officials said a laptop containing names, Social Security numbers and fingerprints of 291 employees and applications was misplaced in May.

In the Navy case, officials are unsure how the information ended up on an insecure Web site, and the Naval Criminal Investigative Service is looking into whether the person who posted it was supposed to have access to the data. Cole said it was possible the information was posted inadvertently.

Information

Sailors can contact the Navy Personnel Command call center to determine if their names were on the compromised list: 866-827-5672

Navy Personnel Command's Web site: www.npc.navy.mil

The Navy plans to contact the individuals affected and urge them to closely monitor their bank and credit-card accounts for fraudulent activity. Congress is considering a measure that would pay for credit monitoring for those affected by the VA data loss last month.

Rep. Ed Markey, D-Mass., on Friday called for the Defense Department to provide immediate free credit monitoring for sailors who may have been affected by the Internet posting.

In a letter to Defense Secretary Donald Rumsfeld, Markey said the incident "raises serious questions about the nature and adequacy of privacy protections afforded to active-duty military personnel, their families and military veterans."