VA Hopes Data Thieves Are Stupid
from the one-way-to-protect-data dept
While there's been plenty of talk about how a VA employee brought lots of confidential personal data home with him only to have it all stolen in a burglary, some are noticing that the VA's response has been a bit odd. While they're giving the standard talk about how you should check your credit reports and watch for any suspicious activity, they're also going around and telling people they probably shouldn't worry because the thieves probably have no idea what they stole. Of course, now that they're blasting it all over the internet, perhaps the crooks will be alerted to what they stole. Either way, it seems like a pretty weak response to not protecting the data.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Screwed Up
[ link to this | view in chronology ]
Re: Screwed Up
[ link to this | view in chronology ]
Re: Screwed Up
As for the VA hoping the thieves are stupid, how do they justify their own stupidity in losing the data in the first place?
Stupid begets stupid - oops, sorry back to talking about Virginia again - lol.
[ link to this | view in chronology ]
Re: Re: Screwed Up
[ link to this | view in chronology ]
Re: Re: Screwed Up
Errr... It's actually the Department of Veterans Affairs...
We should remember that most VA employees aren't this careless. The VA certainly isn't the well-oiled machine that many of us would hope, but the employees are generally hard working, good-hearted people that really try to do what's best for the veterans they serve. Let's not let this single jackass ruin it for the whole organization...[ link to this | view in chronology ]
Veterans Administration vs. Virginia
I'm from the west coast, and trashing a federal governmental organization seems normal, trashing an individual state is less common, at least until it makes it into the mainstream national news.
[ link to this | view in chronology ]
Re: Screwed Up
[ link to this | view in chronology ]
well if the idiot is more than a crackhead lookin to score some bucks selling the laptop for some money, then no..but thats if the person that bought the laptop is an idiot too...im sure itll end up in someones hands thatll know wut to do with it
[ link to this | view in chronology ]
Makes me happy that I was skipped over in the very first draft lottery. My number came up as 332 out of 365. It also makes me very concerned for the millions of Vets at risk. The government will show very little concern and probably be able to do very little to help these victims. There is no excuse for this sort of security security lapse.
[ link to this | view in chronology ]
The va needs to get it together too. I work for a defense contractor that employes 46000 people and every hard drive, laptop or desktop, is encripted. even if there is no FOYO or SBU on it. I realize it is not fool proof but a database of that nature should have some safeguards.
and before the grammer police get me I know I spelled encripted wrong.
[ link to this | view in chronology ]
Better practices are sometimes hard learned
As for the VA. This is a hard lessoned learned and it will assuredly cause them some PR problems that will be an uphill battle to remedy. I've worked with quite a few banks and insurance companies over the years that understand just how valuable their customer data is. There are certain standards and regulatory compliance requirements that they are generally very strict about maintaining. The government, in general, is supposed to follow the same strict guidelines and is usually very protective of personal data. What this tells me is that the VA allowed a breach of compliance with certain standards and that they need a very serious audit and re-vamp of their data management processes.
The only data a developer should ever be allowed to see, let alone copy, should be dummy data provided for the purpose of testing. Never the actual data...
[ link to this | view in chronology ]
Secondly, the assertion in the story that there is no evidence the theft was intended for that data specifically makes me leary. Unless the employee frequently took home sensitive data (and without permission according to the story) I find the timing of the robbery suspect. "Amazing coincidences" tend to raise my BS radar. Also stealing a laptop I can understand, but stealing disks? Not likely unless they had good reason to know they might contain very valuable information (meaning they knew, or had word from someone who knew, the victim and what he did for a living).
[ link to this | view in chronology ]
Re: stolen disks
This doesn't change the fact that some moron would bring home sensitive data and leave it lying around in his laptop bag no doubt. Are we sure this didn't happen in Virginia?
As much as I don't care for Kerry, he is right, someone needs to be fired.
[ link to this | view in chronology ]
Our US Government
[ link to this | view in chronology ]
Here is one possible solution
[ link to this | view in chronology ]
"Hey this stuff looks valuable"
Iand most of the time they are right
[ link to this | view in chronology ]
[ link to this | view in chronology ]