Military Data Leak Worse Than Previously Thought...
from the much,-much,-much-worse dept
Last year, we noted that in almost every publicized case of a data leak, there was almost always a correction a few weeks later boosting the number of impacted people, often by large amounts. That's certainly true in the case of the stolen laptop and hard drive from a Veterans Affairs employee. When the story first came out, everyone was told that it only contained the data for veterans. Not so, apparently. The VA has now admitted that the stolen data includes information on 2.2 million military personnel as well, including approximately 80% of the nation's active-duty forces. Perhaps it's time to add current soldiers to the new lawsuit filed on behalf of veterans. In the meantime, these repeated stories of stolen laptops should cause some to wonder why those with such important data on laptops don't do the simplest things to protect the data.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
I don't get it
People like this should be literally thrown in a federal jail for a few years. That'll keep other idiots from taking this kind of stuff home with them
I know this is a royal pain in the arse and I also know it's very costly and difficult to implement but I feel that data should be seperated. There should be about a half a dozen sites around the country with database servers. Each server contains a certain number of people's records. The catch is that these records are both encrypted and that an entire record or file of any given person is fragmented enough that no one single record exists on a single site. Further more no user should ever have access to more than a certain number of records at a time. To go even further not even backup operators get access to the entire system, only a single database on a single server.
Backups are made locally and sent offsite, but no backups are ever in the same location, and they should be kept in maximum securty vaults.
This probably isn't even possible, let alone viable. But that's not the point: The point is how do we keep stupid idiots --or worse: criminals-- like this from walking off federal databases with quite literally *millions* of people's personal information?
Oh, wait, our president already wants to do this.
[ link to this | view in thread ]
Ugh
How irresponsible.
[ link to this | view in thread ]
another security suggestion
[ link to this | view in thread ]
Re: I don't get it
[ link to this | view in thread ]
Short-sighted... and dedicated?
[ link to this | view in thread ]
Can't sue
Perhaps it's time to add current soldiers to the new lawsuit filed on behalf of veterans.
Unless things have changed recently, an active duty serviceman can not file suit against the government without the government's permission. Maybe that's just the DOD...
[ link to this | view in thread ]
Re: Short-sighted... and dedicated?
[ link to this | view in thread ]
on a different note
[ link to this | view in thread ]
Re: Re: Short-sighted... and dedicated?
[ link to this | view in thread ]
Data Leak
[ link to this | view in thread ]
Data
The 10,000,000 was an arbitrary number I pulled out of the air, who really knows how many vets, both past and present are in this data base; it could be 10, 20, 30 or many millions more.
When I was in the service, they kept everything about in in the DEFAS database. They could pull up most of your data from date of birth, social, residential history, service locations, you name it. With all that data, I wonder how large this database really was. If the analyst was taking home the project on a CD then 800 mb seems a bit small for all that data. Of course if he was stealing data slowly, that could make a bit more sense, only time will tell.
I love the comment from Chron.com:
Of course no one has used this data yet most half smart criminals would sit on this data for months if not years before using it.
And look the lawyers jumped on it:
$1,000 might barely cover the legal fees most people end up paying in the event of identity theft. I wish they would get a clue and really stick it to them but by doing this so early, any vet who accepts the $1,000 indemnifies the government later.
[ link to this | view in thread ]
Re: Re: Short-sighted... and dedicated?
I agree with the poster who said that there should be hardware encryption built in to laptops.
[ link to this | view in thread ]
[ link to this | view in thread ]
Innocent worker????
I don't see this as a coincidence, innocent happening, poor
old worker. Why did they take it home? Why was it suddenly
stolen? I would thinik this worker doesn't need to be on leave;
but either behind bars or out on bail under house arrest.
This is highly likely not to be an innocent worker and a random
bunch of thieves. I got a letter, too, and my service is before 1975! They are hiding the total numbers!
[ link to this | view in thread ]