Department of Homeland Security (DHS) documents concerning this year’s Super Bowl were found discarded in the seat pocket of a commercial aircraft weeks before the annual game.
CNN reported that the sensitive documents – detailing a terrorism drill undertaken in preparation for the Super Bowl – were found by one of its employees, and included the phrases “important for national security” and “For Official Use Only.”
The documents were accompanied by other sensitive material, such as the travel itinerary and boarding pass of the government scientist in charge of BioWatch, the security program that carried out anthrax drills before the game.
The documents were based on exercises designed to evaluate the ability of emergency management officials to engage in a coordinated response should a biological attack be carried out at the U.S. Bank Stadium on Super Bowl Sunday.
The exercises identified several areas for improvement, and raised concerns that “some local law enforcement and emergency management agencies possess only a cursory knowledge of the BioWatch program and its mission.”
CNN refrained from publishing its report until Sunday as doing so before the game could have posed a threat to security.
Former DHS official and CNN contributor Juliette Kayyem remarked that the misplacement of the documents was “a really stupid thing.”
“Who knows who else could have picked this up,” she said.
“The biggest consequence of this mistake may have less to do with terrorists knowing our vulnerabilities and more to do with confidence in the Department of Homeland Security. In the end, confidence in the federal government at a time of crisis is what the American public deserves.”
A DHS official said the missing documents were the subject of an “operational review” and that “DHS does not comment on personnel matters or potential pending personnel action.”
Data security affects organizations of all sizes
The incident demonstrates how one careless move can expose confidential information and potentially endanger lives. Any organization that compromises the personal data it processes should be held accountable. Fines, imprisonment, reputational loss, and nosediving stock values are just some of the consequences of a data breach.
Increasingly, stringent data security laws and regulations – both in the US and internationally – combined with a rapidly evolving cyber threat landscape call for stronger, smarter, and more robust data security solutions.
Security teams are constantly challenged to protect their company information and comply with a growing list of state and federal laws and regulations, which require information security measures to avoid data breaches.
Free ISO 27001 webinar: How to overcome your data security compliance challenges
In this webinar you will learn how an information security management system (ISMS) can help you mitigate breaches and meet a host of regulatory and legal data security compliance requirements. The webinar covers:
- The cyber risk landscape and the latest cybersecurity and data protection laws
- How to achieve compliance and reduce your liability in the event of a data breach
- The link between information security and cybersecurity
- The top risks that result in data breaches
- How an ISMS works
- How ISO 27001 compliance can help you improve your information security posture