SRA International’s computer network was infected by a virus, which may have jeopardized some federal employees’ personal information, a company spokeswoman confirmed today.
The company warned the Maryland Attorney General’s office on Jan. 20 about the incident, as SRA estimated that nearly 1,400 Maryland residents' information may be affected because of the virus.
The breached information could include names, addresses, dates of birth, health information and Social Security numbers. Personal company computers with data from questionnaires related to employees’ security positions may have been exposed to unauthorized access too, according to SRA’s notification letter.
“At this time, we have not determined that any employee, customer or project data has been compromised, but we believe it is appropriate to notify them that data may have been subject to unauthorized access,” Sheila Blackwell, vice president of communications and public affairs at SRA International, said in a statement.
Along with all current and former employees, SRA decided to warn its customers, which include federal agencies in Maryland, Nicole Betancourt, the senior corporate paralegal at SRA, wrote to Maryland authorities.
The company also said the security issue may affect more than only SRA.
There is no indication that an employee caused the problem, but SRA is continuing to investigate the incident with its in-house information technology security team and its cybersecurity experts, according to the letter.
“SRA takes the security of personal data very seriously and is committed to minimizing the risks associated with the exposure of personal information,” Betancourt wrote.
SRA received $865 million in federal contracts in fiscal 2008, and $65 million worth of its federal business was conducted in Maryland that year. The National Institutes of Health was SRA’s largest customer in Maryland in 2008. SRA provided mainly program management support services to NIH for nearly half of the $65 million, according to USASpending.gov.