Hacker exposes 26,000 to ID fraud risk

Personal information on about 26,000 Washington, DC-area employees and contractors of the US Department of Agriculture may be at risk after a hacking incident earlier this month, officials said on Wednesday.

It's still unknown whether the hacker actually managed to obtain the names, Social Security numbers and photographs of the individuals whose information was housed on the affected database, the agency said. The database also contained information that is "readily available to the public" but no financial or health records.

Agriculture secretary Mike Johanns ordered that anyone potentially affected be notified by email and in writing. Those employees are also eligible for a year's worth of free credit monitoring services.

The federal agency's cyber security staff noticed suspicious activity on a couple of its machines during the weekend of 3 June, indicating that an outsider was trying to gain illegal access. When staff members first notified Johanns of the incident three days later, they assured him that the personal information had sufficient protections to dispel concerns about identity theft.

The agency said in a statement: "However, subsequent forensic analysis leaves uncertain whether personal information was protected."

The breach marks the latest in a string of incidents in which employees and contractors of federal agencies have found their personal information potentially at risk.

The US Federal Trade Commission (FTC) on Thursday said approximately 110 individuals might be at risk of identity fraud after two FTC laptops were stolen from a locked vehicle. One of the computers contained data collected in FTC investigations, including addresses, Social Security numbers, dates of birth, and financial account numbers, the FTC said in a statement. Some of the at-risk individuals are defendants in current and past FTC cases, the agency said, adding it will offer one year of free credit monitoring services.

The most high-profile news, by far, came from the US Department of Veterans Affairs. That agency reported late last month that personal data on as many as 26.5 million veterans - a category later revised to include nearly two million active-duty military, National Guard, and Reserve personnel - resided on government-owned computer equipment stolen from a VA analyst's home. It remains unclear whether the thieves have used that data for illicit purposes.

Less than two weeks ago, the US Department of Energy informed members of Congress that a hacking incident last September resulted in the theft of the names, birth dates and Social Security numbers of 1,500 people working for its nuclear security division.

CNET News.com's Joris Evers contributed to this story

Anne Broache writes for CNET News.com