Thieves fail in attempt to access laptop information

Northwest Guardian

Stolen Army computer equipment was recovered by local police last week, apparently without the thieves being able to access personal information the devices stored.

A laptop computer, and an external hard drive that contained the personal information of about 900 Fort Lewis Soldiers, were stolen from a Fort Lewis civilian employee. The employee took the computer home and it was stolen on July 3.

According to the Fort Lewis Criminal Investigation Command, the computer and hard drive have been examined by computer forensics experts. The theives apparently tried to access files on the laptop, but were unsuccessful, and the external hard drive containing the Soldiers’ information had not been accessed since the last time it had been used by the Fort Lewis employee.

“It’s also worth noting that the routine security measures installed on the laptop computer prevented the efforts of the robbers to get access to the laptop,” said J.C. Mathews, the garrison public affairs officer. “We’re grateful for the efforts of the Lacey and Tumwater police departments and all who were involved in the safe recovery of this equipment and these Soldiers’ information.”

Officials say the civilian employee was working with the computer at a location on Fort Lewis other than his office. At the end of his workday he took the computer home rather than return it to his office.

The computer and external hard drive were stolen from the employee’s car between 9 p.m. July 3 and 8:30 a.m. July 4. It was reported stolen to the Lacey Police Department as soon as the employee discovered it was missing.

Policy allows employees to sign for government equipment and take it away from the workplace under certain circumstances.

However, in this case, officials say, it is clear that Army standards and policy were not followed.

Any laptop computer, mobile computing device or removable storage media that processes or stores electronic records containing personal information on 25 or more individuals on a single device is normally restricted to DOD workplaces. However, when needs require removal from the workplace, the device shall:

(1) Be signed in and out with a supervising official designated in writing by senior leadership.

(2) Be configured to require DOD authentication for logon.

(3) Be set to implement screen lock with a specified period of inactivity not to exceed 15 minutes when possible. (4) Have all personal information encrypted.

According to Tom Knight, the deputy garrison commander, new measures have been implemented to prevent a repetition.

“We are conducting an internal investigation right now; however, it is apparent that Army standards and policy regarding protection of this information were not followed,” he said. “We are making immediate changes to step up enforcement of these policies to prevent this from happening again.”

Measures already established include additional training requirements on handling of personal information, information assurance, and computer user responsibilities for military personnel staff; crafting a personnel office memo for each employee to sign acknowledging responsibilities for safeguarding equipment, personal information, and reporting requirements; instituting a control log and enforcement mechanism for tracking equipment and personal information.

Additional long term measures may be taken as more is learned about this incident. Information about the Soldiers or the unit affected by the theft was not released.

“Protecting the privacy of the individuals involved is our primary concern,” Mathews said, “and we would rather not exacerbate the problem.”