SAIC Break-in Stresses Intertwined Nature of Physical and IT Security

A break-in at a government contractor's offices has opened 45,000 former and current employees and stockholders up to identity theft.

In the break-in, which occurred at Science Applications International (SAIC), thieves grabbed SAIC computers that are believed to have contained personal data such as social security numbers.

The company, which experienced the break-in at one of its facilities on Jan. 25 in San Diego, saw the loss of information from numerous computers that were stolen. The computers included private data on stockholders according to an annoucement SAIC made on its website and released to its stock-holder community of the employee-owned company.

According to SAIC, "the stolen computers contained personal information of current and former stockholders, including name, social security number, address, telephone number and stockholder records, including shares bought, sold and held."

The break-in surprised many, especially since much of SAIC's work involved security consulting for the Department of Homeland Security and information security. In a Washington Post article, Iraq weapons inspector David Kay, who was one of the former executives at SAIC and a subsequent victim of the crime, asked why a company whose duties entailed national security would operate in a manner that simply allowed thieves to break windows and steal the company's computers.

This crime event, which occurred at a building that had surveillance cameras, reminds security directors that often the target of a physical break-in will be IT assets. SAIC has been busy since that break-in to reconstruct data and alert its stockholders -- many of whom hold government security clearances -- of the theft of their personal information. It is still not known whether the break-in was for the theft of data or a simple robbery of resalable hardware.