VA Reminds Thief How Valuable Stolen Data Is

from the perhaps-not-the-best-plan dept

Thu, May 25th 2006 7:15pm — Mike Masnick

Earlier this week, we noted that the Department of Veterans Affairs seemed to be hoping that whoever stole a laptop and hard-drive with lots of veterans' private info was too stupid to know what they had stolen. However, it seems they're doing their very best to make sure everyone realizes it's quite valuable. They've now put up a $50,000 reward for any info leading to the recovery of the data. Of course, should the thief hear about this, then what's to stop him (or her) from simply copying the data and then figuring out a way to return the laptop and get the $50,000? Not that security through obscurity was likely to work in this case, but it seems sort of odd that they were so adamant that thief likely had no idea how valuable the data was -- and then put a price on it and blasted it all over the news.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

42 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 25 May 2006 @ 8:03pm

VA Reminds Thief How Valuable Stolen Data Is...
And so does TechDirt!!!
Thanks guys I appreciate that. :(
[ link to this | view in chronology ]
- Bronko, 25 May 2006 @ 8:41pm
  
  Re:
  yeah, cause tech dirt is going to be where he finds out!
  
  retard
  [ link to this | view in chronology ]
- Felix L Scott, 25 May 2006 @ 8:46pm
  
  Re:
  The professional press is out of control in this country. It has been so for a long time. I am a liberal Democrat and have been one my entire voting life. I am retired now. I realize that we need a free press. This is a Democracy, but use your head sometimes. We know how to keep some things totally secret. Sometimes we have a leak, but some things are so top secret the public will knew know what really happened. This is just too much information, but it is what I expected.
  [ link to this | view in chronology ]
kinam, 25 May 2006 @ 8:53pm

Re
oh my gosh...
[ link to this | view in chronology ]
Felix L Scott, 25 May 2006 @ 8:56pm

I am one of the veterans whose social security number has been exposed. I was honorably discharged from the army in 1983. I wonder if the VA is responsible for this or if the press is.
[ link to this | view in chronology ]
- Mr.Clarke, 25 May 2006 @ 10:01pm
  
  Re:
  no,
  it's the bird brain at the dept of veterans affairs that took the files home on the pc that is responsible for my name and social and claim number being compromised.
  
  no one else, he or she is the one guilty of criminal behavior.
  
  what's that jerks name? that's what i want to know.
  
  so i guess i just keep paying Wells Fargo to monitor my personal information on the national credit bureaus.
  [ link to this | view in chronology ]
- Anonymous Cowardly Comedian, 26 May 2006 @ 5:29am
  
  Re: Discharge
  Actually, I think you are chiefly responsible for your honorable discharge, along with the Army.
  Thank you for your service to our country!!
  
  (Just playing with the ambiguity of the predecessor of "this") ;-)
  [ link to this | view in chronology ]
ssego, 25 May 2006 @ 9:16pm

It's their fault...
That's what each party will say while pointing fingers in the other direction.
[ link to this | view in chronology ]
?, 25 May 2006 @ 9:37pm

It is the internets fault
I think we should shut it down before the terrorists use it to kill us all.
[ link to this | view in chronology ]
rijit (profile), 25 May 2006 @ 9:59pm

Well, once again our super intelligent government is doing it's normal don't let the right hand know how bad the left hand screwed up. Gotta love the VA, until now we only thought it was ran by a bunch of brainiacs, no we know for sure....
[ link to this | view in chronology ]
I, for one., 25 May 2006 @ 10:27pm

Lost laptops
Reminds me of a notice I saw stuck to the inside of a phonebox in London, something like

"I lost my laptop here. If anybody found it please get in touch with me immediately! I will pay a reward. Very important - NO POLICE. Please DO NOT HAND IT IN TO THE POLICE"

and the guy put his phone number. LMAO

I wonder what was on that laptop? I resisted the urge to copy down the number for future entertainment.

Encrypted hard drives people!
[ link to this | view in chronology ]
- mark, 26 May 2006 @ 1:39am
  
  Re: Lost laptops
  maybe child pornography or ways to avoid the toll in the chunnel....
  [ link to this | view in chronology ]
Anonymous Coward, 26 May 2006 @ 3:48am

The Washington Post printed the date, timeframe, neighborhood, and the fact that at least two identical neighborhood burglaries occurred within hours of each other.
[ link to this | view in chronology ]
Tim Arview, 26 May 2006 @ 5:21am

Yeah...
I tend to agree with the posts at the top. A definite faux pas, there, Mike. Twice, too, it seems.
[ link to this | view in chronology ]
- Mike (profile), 26 May 2006 @ 11:52am
  
  Re: Yeah...
  I tend to agree with the posts at the top. A definite faux pas, there, Mike. Twice, too, it seems.
  
  Are you serious? It was the VA that lost the data. It was the VA who claimed that no one would know about it and it was the VA that then went out and told everyone how valuable it was and promoted it everywhere.
  
  To blame *us* for anything is just bizarre.
  [ link to this | view in chronology ]
  - Tim Arview, 26 May 2006 @ 9:41pm
    
    Re: Re: Yeah...
    If someone makes a mistake, and you repeat the mistake, are you not responsible for your actions? Of course you are.
    
    Yes, the VA screwed up. No one's arguing that. What I (and others) are claiming is that you have repeated that mistake by posting the same reward and information here.
    
    It showed up on my Google homepage for crying out loud! I didn't even have to search for it!
    
    But, hey, it's your story. Tell it how you want.
    [ link to this | view in chronology ]
    - Mike (profile), 28 May 2006 @ 7:20pm
      
      Re: Re: Re: Yeah...
      If someone makes a mistake, and you repeat the mistake, are you not responsible for your actions? Of course you are.
      
      We're not the ones giving away $50,000 to let everyone know how important the data is.
      
      Making a mistake and reporting a mistake are two amazingly different things.
      [ link to this | view in chronology ]
yotis, 26 May 2006 @ 5:52am

network???
why did the user have the data stored on the harddrive...moron...thats what the secure network is for...if he needed to work on it at home...remote into the network and work on it, dont download that stuff to your harddrive...fire the dumbass...oh, and by the way, yes i am a veteran. a mad 1 at that.
[ link to this | view in chronology ]
Curtis Breuker, 26 May 2006 @ 6:00am

well...
At least the VA is making an effort to attempt to recover the data. The $50,000 would be a pretty good incentive for someone to even turn in their friend.

It's a pity organizations haven't learned to protect their data, and keep employees from taking sensitive data like this home with them. At the very least the VA should of had a program on that laptop to call home the next time it got hooked into the net. Little late for that now though...
[ link to this | view in chronology ]
Anonymous Coward, 26 May 2006 @ 6:19am

It's a HORRIBLE crime to steal identities..

Unless, of course you're stealing social security numbers so you can work in the U.S. - then that kind of identity theft is ok...
[ link to this | view in chronology ]
mosh, 26 May 2006 @ 6:40am

gotta be kiddin me?
$50,000 reward for the laptop and a duplicate of the hard drive should be worth what??? another $50,000??? and another... and another... That's a great idea :-| Way to to smacko! Promote the theft of corporate data instead of punnishing the person responsible for having that crap on their hard drive.
[ link to this | view in chronology ]
Anonymous Coward, 26 May 2006 @ 7:24am

not the press's fault
Not sure why Felix & Tim & others are putting any blame on the press or Techdirt or Mike.

The VA and the FBI are OFFERING A REWARD! They are asking for publicity in order to get people to call leads in to their tip line.

But how many of these types of incidents do there need to be before the companies with tons of sensitive customer data adopt some decent security policies?
[ link to this | view in chronology ]
concerned vet, 26 May 2006 @ 7:35am

I'm sure...
1. that the laptop in question has been destroyed
2. that the data on it is in the possession of someone who will use it for no good (i.e. organized crime organization of some sort.)
3. the guy who stole it is either dead or paid off.

They better not publish the idiot's name. He's got millions of veterans PO'd about it, and who knows how many of them have guns.
[ link to this | view in chronology ]
Scott, 26 May 2006 @ 7:36am

I wish I knew the guy's name
I'd hunt him down and beat him about the head and shoulders with an encryption algorithm.
[ link to this | view in chronology ]
alternatives, 26 May 2006 @ 7:37am

The story that won't be told
Will be why this guy was taking work home for 3 years.

Is the VA IT staff so overworked they need to take home work?
[ link to this | view in chronology ]
- Petréa Mitchell, 26 May 2006 @ 10:49am
  
  Re: The story that won't be told
  "Is the VA IT staff so overworked they need to take home work?"
  Most investigations into incidents where an employee does some boneheaded thing that any moron knows is a breach of security turn up the following:
  1. The employee did this regularly
  2. All the employees did this regularly
  3. Anyone who tried to do things by the book gave up because the tradeoff between security and productivity was too painful-- either because it got the boss breathing down their neck about not staying on the project timetable, or because the security process was just too unwieldy to live with
  4. Management, the same management that kept approving the written security policy, was fully aware of how things really worked
  [ link to this | view in chronology ]
Getting Warmer, 26 May 2006 @ 8:05am

Data Loss
The US is so concerned about being able to collect taxes that we are now at risk daily from information theft that we cannot see, prevent, or stop.

The VA should have 2 pieces of information, the ID of the Veteran, and where to mail the checks. Problem Solved.

Compartmentalize the data, then no single loss will result in significant risk.
[ link to this | view in chronology ]
Panic, 26 May 2006 @ 8:22am

how do I know...
Is there any way to find out if our ssn was one of the one's compromised? I'm a vet, but don't know where to find out any info about if we can find out if we're compromised.
[ link to this | view in chronology ]
- RoyalPeasantry, 26 May 2006 @ 9:11am
  
  Re: how do I know...
  I remember hearind that SSN was one of the items stolen.
  Lets see if I can find the article.
  
  Here is is
  
  "names, dates of birth and Social Security numbers"... Thats all they need...
  [ link to this | view in chronology ]
tom, 26 May 2006 @ 8:27am

Business rules can and need to be put in place so
when are companies going to learn not to store sensitive information on laptops or PC.s there is no reason for this. This information can be stored on a secure network server. People loose or have their laptop stolen all the time. Business rules can and need to be put in place so this will not happen or at least makes it much more difficult. Companies should be forced to pay large fines for handling data so poorly and people should go to jail for covering it up or not reporting it in a timely manner.
[ link to this | view in chronology ]
kilroy, 26 May 2006 @ 8:35am

ouch
When you use words like retard I feel stupid and it hurts me.
[ link to this | view in chronology ]
dave, 26 May 2006 @ 8:38am

Last time I loosed my laptop it never came home!. But seriously folks, the press is bad for the people involved, but I'd glad we here about these incidents. Eventually (2089 by my estimates) we'll stop allowing companies to verify our identity without actually verifying it. If you falsely verify someone's identity...then you have verified nothing at all. I've not been hit by identity fraud (that I know of) and certainly a personal attack would stir anyone's passions about this issue. So, rant at us, rage at your politicians and berate these companies/organizations that lose and misuse this data. Then, lets all calm down and figure out BETTER ways to operate.

I would not be opposed to a one time tax to pay for fraud prevention for our veterans. Without them, we wouldn't have anything worthwhile to tax.

Thanks guys/girls for serving your country, hopefully your country can serve you now.
[ link to this | view in chronology ]
Mudd_Puppy, 26 May 2006 @ 8:41am

Stolen Laptop
The bad part about this is the VA does have regulations and secure access from avaiablility? So If my name was on this system the I am definitely going to file a lawsuit against the VA and the individual responsible!
[ link to this | view in chronology ]
- Anonymous Coward, 26 May 2006 @ 10:17am
  
  Re: Stolen Laptop
  Oh for crying out loud... when the DOD changed our Service Numbers to be our SSN you had your SSN written on the face of every check you cashed at the Post PX or Navy Exchange.
  
  Apply some common sense and flag your new vulnerability to the Credit Bureaus and quit worrying abou suing somebody. Sheesh.
  [ link to this | view in chronology ]
Mudd_Puppy, 26 May 2006 @ 8:41am

Stolen Laptop
The bad part about this is the VA does have regulations and secure access from avaiablility? So If my name was on this system the I am definitely going to file a lawsuit against the VA and the individual responsible!
[ link to this | view in chronology ]
Mudd_Puppy, 26 May 2006 @ 8:48am

OOPS
sorry for the typos. VA has secure access from in place.
[ link to this | view in chronology ]
Mudd_Puppy, 26 May 2006 @ 8:53am

OOPS again
sorry, working from cell phone and more typos, previous should read: Va has secure access from home in place.
[ link to this | view in chronology ]
Oh brother, 26 May 2006 @ 9:43am

And we call ourselves the most intelligent life fo
At least the one good thing is, they haven't released to much information. The bad thing is now every criminal who has stolen a laptop will be looking at their "earnings" trying to see if they were the one. So, despite the press not releasing to much info, they've already released enough information to cause problems.

You have a security breach, don't tell the press, go to the law enforcement agency and solve the crime, then tell the press once the breach has been resolved and the information is back in the right hands.

Or, go on TV or put an ad in the paper with let every reader/watcher know your SSN, DOB, Name and Credit Card number.
[ link to this | view in chronology ]
- Anonymous Coward, 26 May 2006 @ 10:20am
  
  Re: And we call ourselves the most intelligent lif
  The Washington Post has printed the date of the theft, the name of the town (Neighborhood, actually, the fact that two breakins occurred within a few blocks of each with similar MO's and the span of hours during which the break-ins occurred.
  
  Terrible judgement.
  [ link to this | view in chronology ]
Bizz, 26 May 2006 @ 2:31pm

Reward System
Who would turn it in for the reward?

Kind of like the line from Pee Wee's big adventure:

"Dottie - How are you ever going
to pay a reward like that?"

"Pee Wee - It's simple.

Whoever returns the bike is obviously
the person who stole it.
So they don't deserve any reward!"

What a shame that our vets are now further exposed to the possibility of identity theft...
[ link to this | view in chronology ]
Petr�a Mitchell, 26 May 2006 @ 3:33pm

A better use for the money
I wonder how $50,000 compares to the cost of simply buying up all the laptops and hard drives available at the pawn shops nearest to the location of the burglary?
I'd expect a competent business which had a laptop full of data stolen to do this, but...
[ link to this | view in chronology ]
Truth, 13 Jun 2006 @ 4:49am

we have a right to know the name of the thief
we have a right to know the name of the thief
... was it neocon? , Chinese, ?
[ link to this | view in chronology ]