My first question is: why was the data being stored by a third party in the first place?
Shouldn't data like this be stored completely independently of the Internet? Yes, I realize that does not guarantee it is secure since there has to be some point of access. On the other hand, it would reduce opportunities for people to breech the databases.
Because they don't care about actual information security, they care about "national security." They optimize for giving all branches of US law enforcement, from the federal to state to local level, access to 7 years of historical data whenever they claim they need it.
I don't buy into that theory, at lrast in this case. There are other ways to hand-off data when it is legally requested. On the other hand, such data would be valuable to foreign actors who do not have a legal means of accessing such data. It would require a high degree of incompetence to sacrifice national security in the name of convenience.
Shouldn't data like this be stored completely independently of the Internet? Yes, I realize that does not guarantee it is secure since there has to be some point of access. On the other hand, it would reduce opportunities for people to breech the databases.