Stolen personal data not significant enough to report?

From Good Morning Silicon Valley

On Friday, officials from The National Nuclear Security Administration told a House oversight committee that a malicious hacker stole a computer file containing the names and Social Security numbers of 1,500 employees of the Energy Department’s nuclear weapons agency. The theft was detected last September, but no one bothered to report it to senior officials until late last week. NNSA Administrator Linton Brooks blamed the cockup on “bureaucratic confusion.” “It appears that each side of that organization assumed that the other side had made the appropriate notification,” Brooks told the House energy panel’s oversight and investigations subcommittee. “Just as the secretary just learned about this week, I learned this week that the secretary didn’t know. There are a number of us who in hindsight should have done things differently on informing.” That explanation didn’t fly with Rep. Joe Barton, the chairman of the Energy and Commerce Committee, though. “That’s hogwash,” Rep. Barton told Brooks. “You report directly to the secretary. You meet with him or the deputy every day…. You had a major breach of your own security and yet you didn’t inform the secretary,” adding “you should be removed from your office as expeditiously as possible. And I mean like 5 o’clock this afternoon.”

Fact 1: The NNSA is a semi-autonomous arm of the Energy Department and also guards some of the U.S. military’s nuclear secrets and responds to global nuclear and radiological emergencies.

Fact 2: Earlier this week the Pentagon revealed that personal information on about 2.2 million active-duty, National Guard and Reserve troops was stolen last month from a government employee’s house.