Defense Contractor Sued Over Theft of Personal Data

Robbins Umeda LLP and Blood Hurst, & O’Reardon LLP, law firms with local offices, have filed a class action suit against government contractor Science Applications International Corporation (SAIC) on behalf of retired Marine Colonel Mark Losack and others.

The suit, filed in San Diego County Superior Court, alleges SAIC lost or otherwise compromised personal information and protected medical data on 4.9 million members of the military, military retirees, and their families.

SAIC, until 2009 headquartered in San Diego, is a large scale provider of technical and information technology services to the Department of Defense.

Last September, according to the complaint, data backup tapes with information dating back to 1992 were stolen from an SAIC employee while in transit from one work site to another. Information compromised included “Social Security numbers, addresses, telephone numbers, diagnoses, treatment information, provider names, provider locations, clinical notes, lab test results, prescription information, and other information,” on patients receiving treatment from TRICARE, the health services provider for U.S. uniformed service members.

The tapes in question were stolen from the personal vehicle of an SAIC employee that had been parked unattended for a period of over eight hours on September 14 in San Antonio, Texas, during which the tapes went missing. Plaintiffs allege that this method of transportation, described by SAIC as “routine procedure,” showed an insufficient exercise of caution on behalf of the company, given that the tapes were not encrypted, transported in a company vehicle, or kept under supervision during their transit.

This also isn’t the first time such a security breach has occurred. The complaint alleges at least six other incidents in recent years that have compromised personal information. These include a 2005 incident in San Diego where thieves stole a computer containing personal information, an incident where data was transmitted through an unsecured internet channel and intercepted, and another large-scale loss of data backup tapes in June 2010.

The plaintiff argues that SAIC was also negligent in informing him of the data loss, after having learned of the incident on September 14 and announcing it publicly on September 28. Losack, however, was not informed that the information lost, which could be used for the purpose of identity theft, had gone missing until a letter to him dated November 11.

It’s alleged that at present the company still has not notified all parties whose personal data could have been compromised. California state law requires that victims of a company’s data loss must be notified “in the most expedient time possible and without unreasonable delay.”

In addition to seeking damages, the suit seeks to force SAIC to implement a more secure data management policy.

Pictured: Col. Losack in Iraq

More like this:


Log in to comment

Skip Ad

SD Reader Newsletters

Join our newsletter list and enter to win a $25 gift card to The Broken Yolk Cafe!

Each subscription means another chance to win!