(Recasts, adds details from Navy investigation)
By Andrea Shalal-Esa
WASHINGTON, March 2 (Reuters) - Engineering documents about one of two types of helicopters in the U.S. presidential fleet were found on a computer in Iran after they were inadvertently disclosed by an American defense industry executive last year, according to a cybersecurity company.
The defense contractor and the U.S. government are investigating the incident, said Keith Tagliaferri, director of operations at Tiversa, a Pennsylvania-based company that monitors data breaches linked to peer-to-peer file sharing.
Tagliaferri declined to name the U.S. contractor or give any information about the identity of the Iranian computer where the file was found on Feb. 25.
Pentagon spokesman Geoff Morrell said the government was notified about the data disclosure last summer and fully investigated it. He stressed the data was not classified and involved the VH-60 helicopter built by Sikorsky Aircraft Corp, a unit of United Technologies Corp (UTX.N).
The VH-60 is used to carry White House staff and guests, not the president. A larger Sikorsky helicopter, the V-3, is the model used for the president.
“The information should not have been released, but it did not involve any helicopters that transport the president,” Morrell said. The presidential helicopters are operated by the Marine Corps, a part of the Navy.
President Barack Obama has expressed grave concern about cybersecurity issues, and has ordered a 60-day review of computer security efforts across the federal government.
Tiversa said it notified the Bethesda, Maryland-based company reponsible immediately after the data breach was discovered, and the company alerted the U.S. government.
Navy spokesman Lt. Clay Doss said an internal review conducted in June 2008 found that all the documents were marked either unclassified or “for official government use only,” but they were relatively dated and “not particularly sensitive.”
He said cost data in the documents, part of a cockpit upgrade for the current fleet of VH-60N helicopters, would have a minor impact on future contract awards. The documents did not include critical technical data and the risk of someone using the data to harm the helicopters was “very low,” he said.
The findings were provided to the Naval Criminal Investigative Service and the Defense Security Service for appropriate action, he said, declining comment to name the company involved or whether any charges were filed.
The data breach did not involve the new generation of presidential helicopter being developed by Lockheed Martin Corp (LMT.N), which is also based in Bethesda, Maryland. That VH-71 helicopter project, which is more than 50 percent over budget, was singled out by President Barack Obama last week as an example of the Pentagon’s procurement process “gone amok”.
Lockheed spokesman Troy Scully said the company was not responsible for the data breach.
Connecticut-based Sikorsky said it was investigating the incident and declined further comment. Doss said Sikorsky was not the source of the data breach.
Tagliaferri said the employee was a high-level executive, but the breach took place outside the company’s offices, indicating the executive may have had the helicopter data on a home or personal computer that was also used to share music or movies. The disclosure was likely unintentional, he said.
The file was found on an Iranian computer on Feb. 25.
He said the U.S. defense contractor was not a Tiversa customer, which meant his company had not noticed the data breach until some time after it occurred.
Tiversa downloads more than 100,000 files a day that are inadvertently disclosed through peer-to-peer music and movie sharing software, which give users around the world direct access to another person’s computer. The files can include Social Security numbers, payroll data, tax returns and many other sensitive documents, Tagliaferri said.
“This is like a stolen laptop times a million,” Tagliaferri said. Data breaches through file-sharing networks are becoming more common as more people share electronic versions of movies and music, he said, and hackers and criminals are becoming more savvy in pinpointing such files. (Reporting by Andrea Shalal-Esa; Editing by Tim Dobbyn, Gary Hill)