VA Records Loss Worse Than Originally Reported

Damn it, this just keeps getting worse.

WASHINGTON – Personal information on 26.5 million veterans that was stolen from a Veterans Affairs employee this month not only included Social Security numbers and birthdates but in many cases phone numbers and addresses, internal documents show.

Meanwhile, VA Secretary Jim Nicholson said Wednesday that he had named a former Arizona prosecutor as a special adviser for information security, a new three-month post that will pinpoint security problems at the VA and develop recommendations for improvements.

The three pages of memos by the VA, written by privacy officer Mark Whitney and distributed to high-level officials shortly after the May 3 burglary, offer new details on the scope of one of the nation's largest security breaches. The memos were obtained Wednesday by The Associated Press.

They show that a file containing 6,744 records pertaining to "mustard gas veterans" — or those who participated in chemical testing programs during World War II — was breached, and that a "short file" with as many as 10 diagnostic codes indicating a veteran's disability also was stolen.

At the same time, however, the memos suggest that the data might be difficult to retrieve by thieves.

"Given the file format used to store the data, the data may not be easily accessible," stated one memo dated May 5 and distributed internally May 8.

Gee, why doesn't that make me feel better? So far the VA has announced the analyst who took the data home will be fired, VA deputy assistant secretary Michael McLendon has announced his resignation and the department placed Dennis Duffy, the acting head of the division in which the data analyst worked, on administrative leave.

I'd say there are some tough questions that need to be answered right now. I still want to know exactly why that data was being taken home.

This entry was posted in Crime. Bookmark the permalink.

3 Responses to VA Records Loss Worse Than Originally Reported

  1. Amused and Appalled says:

    2 Obvious possibilities for the data format:

    SAS

    SPSS

    A couple hundred dollars and anyone has access to all of the data.

    The “cover” memo was written by someone who has never touched a keyboard.

  2. Gaius says:

    Yeah, like I said, it doesn’t exactly warm the cockles of my heart to hear that particular statement.

  3. DSmith says:

    I somewhat doubt the data was “taken home”, at least intentionally. In many IT shops today, desktop computers are being replaced by laptops, even for empoyees who don’t travel a lot. One of the reasons for this is to facilitate telecommuting. So think of it in terms of, “he downloaded the data to his desktop, and it got stolen”. I don’t know that this is the case, but it’s a distinct possibility.

    You’re never going to keep all the data locked up on servers. It’s not practical. In my opinion the only real solution for this is for organizations to employ encryption of their hard drives as a standard.

Comments are closed.