Senate Dem wants answers on reported Booz Allen leak
Sen. Claire McCaskill (D-Mo.) wants answers from Booz Allen Hamilton about its security posture and ability to manage sensitive intelligence data.
Sen. Claire McCaskill wants a prominent government contractor to answer allegations of security breaches.
The ranking member of the Senate Homeland Security and Government Affairs Committee wants answers from Booz Allen Hamilton about its security posture and ability to manage sensitive intelligence data.
In the wake of reports that an employee of the government contractor could be involved in another leak of sensitive information, Sen. Claire McCaskill (D-Mo.) wrote a letter to the company's CEO, Horacio Rozanski, asking about its ability to protect government data.
On May 24, a cyber risk analyst at UpGuard discovered sensitive federal data in an unsecured Amazon Web Services S3 bucket, apparently uploaded by a Booz Allen employee. The information was related to the National Geospatial-Intelligence Agency and could have been uploaded inadvertently.
Specifically, McCaskill asked Rozanski about the steps the company has taken to investigate how the information became available on a publicly accessible server, if it has determined whether any internal policies or protocols were violated and what actions the company has taken against those responsible for the breach.
The reported leaks raise "questions about the security protocols that [the company] has in place to prevent these types of occurrences," she wrote. "This is just the latest incident where [the company's] ability to manage sensitive information has come into question, including the theft of classified information by… [Booz Allen] employees working under federal contracts."
Edward Snowden and Hal Martin, contractors whose names have become synonymous with leaking sensitive information, were also Booz Allen contractors.
"It's of vital importance that no one can gain unauthorized access to national security information -- but Booz Allen Hamilton put passwords and other sensitive information out there for the world to see," McCaskill said in a statement. "This isn't the first serious incident involving this company, and it's critical we understand what they're doing to end this pattern."
The senator requested a response by July 26.