The U.S. Federal Aviation Administration announced this week that online criminals stole personnel records on more than 45,000 workers after breaching the government agency's network.

The breach did not extend into the FAA's air-traffic control network or affect any computer that deals with operations, the agency said in a statement. The compromised computer server had 48 files, two of which contained personnel information on employees and retirees that were on the FAA's benefits list as of February 2006.

"The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information," the FAA said in its statement. "The agency is also providing a toll-free number and information on the employee website for those who believe they may be affected by the breach."

While U.S. government agencies have slowly improved their compliance with the Federal Information Security Management Act (FISMA), network security continues to be a problem. Significant breaches at the Departments of State and Commerce as well as the exfiltration of military data by international hackers has attracted the scrutiny of members of Congress. Last year, the Bush Administration brought together a number computer-security projects under the umbrella of the Comprehensive National Cybersecurity Initiative (CNCI). Vowing to continue the focus on better security, President Barack Obama has ordered a 60-day study of the nation's initiatives and has promised to create a position for a top presidential advisor on cybersecurity.

The FAA has had issues in the past with cybersecurity. In 2004, a government audit found that the agency's air-traffic control systems were vulnerable to online intrusions.

If you have tips or insights on this topic, please contact SecurityFocus.