Information was collected on about 800 forms of threats. Many of these forms described the same threat with different causes. By grouping similar threats, the number of distinctive threats was reduced to 72. A systematic pattern of threats to data security was found at the various installations. All of the threat types could be categorized according to various operational situations common to the installations. Nineteen separate conditions were identified, and they were found to fall into three basic groups: handling of material and equipment, system operation, and environmental factors. Most of the threats occur because simple routines do not behave as expected. The threats may be well known to the operating staff, and the existence of the threats is accepted either because the staff does not appreciate the hazards involved or because possible preventive measures are too time-consuming. Supervisors are often not aware of the threats and therefore take no action. The majority of the threats involve modifications to or destruction of data. Threats likely to lead to disclosure of data are relatively few. Many threats involve problems of communication among staff. The observed threats also often suggest weaknesses in the interaction between the staff and the hardware. Although the study was not intended to suggest measures to correct the deficiencies that invite the threats, such measures are described to the extent that they have been implemented in the installations studied. A catalog of deficiencies that invite the identified threats is presented. Graphic presentations of the threats and associated deficiencies are provided, along with a glossary. (Author summary modified)