Today's Washington Post has some additional details on the missing Veteran's Administration files. The analyst who violated procedures and had them at his home – where they were stolen in a burglary – had a history of taking data home improperly. The stolen records appear to all be for discharged veterans.
The Department of Veterans Affairs data analyst who lost 26.5 million veterans' personal information when his home was burglarized had routinely taken such data home since 2003, VA Inspector General George J. Opfer said yesterday.
"It wasn't like all of a sudden one night he took home all this data," Opfer said during a break in House and Senate hearings on the massive information security breach.
Authorities announced a $50,000 reward for information leading to the recovery of the laptop computer and external hard drive stolen May 3 from the employee's Aspen Hill home. The VA inspector general and the FBI are offering the reward. Montgomery County police asked anyone with information to call 866-411-8477.
Federal investigators have removed other sensitive VA data the worker was not authorized to have at home, Opfer testified. He said his staff will identify all the data the employee had at home and determine which supervisors knew about it.
Veterans Affairs Secretary Jim Nicholson said the stolen information was not encrypted or "scrambled." He reiterated that there has been no indication that thieves are using the data to open credit card accounts, take out bank loans or engage in other forms of identity theft.
The electronic file contained names and dates of birth for as many as 26.5 million veterans who have been discharged since 1975, or who were discharged in any year and are collecting disability compensation from the department, Nicholson said. The file also included the Social Security numbers of 19.6 million of those veterans, he said. He said fewer than 100 spouses are believed to be included in the file.
Even worse is the inexcusable delay in reporting the theft both internally within the VA and to police authorities:
Opfer said his office did not learn of the lost data until May 10, and then only through an offhand remark by a VA employee at a routine meeting. Nicholson was even further out of the loop; he testified yesterday that his subordinates failed to inform him until May 16 — nearly two weeks after the theft put millions of veterans at risk of identity theft. The FBI was not told until May 17, and Nicholson did not make a public announcement until Monday.
If there ever was a case where a number of people must be fired, this is one. There simply is no excuse – none whatsoever – for this. Nobody should be able to do this kind of damage; the entire system of security is a joke. If you know anyone who is a veteran, please warn them about this.
“The analyst routinely took work home.” And now everyone is aghast and says this never should have happened. I am pretty certain his supervisors knew he was taking this work home and I am also reasonably certain that this man’s evaluations reflect the great job he was doing by “going above and beyond.”
And now we all want to hang him. What a bunch of phony a–holes.
I say shoot everyone above him in his chain. But leave this poor bastard alone — he was only trying to do his job.
Signed,
A Veteran
Yeah, right. Let’s give him a medal.
He violated procedures, he should be fired. The VA has inept security if there wasn’t even encryption on the data. Lots and lots of rope there. Some people need to lose jobs there, too.
Gaius,
John has a good point. Yes, he was violating procedures. It’s very possible his supervisors either knew he was violating procedures and looked the other way, or they may have asked/required him to do so.
What is called for is an investigation to see if his actions are not an isolated incident, but common practice.