VA's Plan To Advertise Value Of Data Leak Worked
from the in-hindsight dept
Back in May, following the theft of one of its employee's laptops containing personal data on 50,000 veterans, the VA tried a new version of security-via-obscurity. It first said that chances where the thieves had no idea about the data, and probably just stole the laptop for its resale value. They then followed this up by doing their best to make them aware how valuable it was, putting up a $50,000 reward and pumping it up in the press. The FBI said at the end of June the machine had been recovered, and now, the thieves have been apprehended, and told police they didn't know they'd gotten anything more than a random laptop until -- yes, you guessed it -- the theft got publicized. Admittedly, companies or governmental groups in this situation are in a bit of a bind. They need to own up to people whose information they've lost that they are at risk, but should exercise a bit of restraint in putting the story out so they don't alert otherwise ignorant thieves to the real value of the computers they've stolen. Though undoubtedly any attempt at restraint is likely to be interpreted as a cover-up or ignoring the problem. The real solution, of course, is to prevent the data leaks. While the question of whether or not the data in the VA case is at risk seems to be answered, the bigger question remains: why did an employee have the personal information on 26.5 million veterans on a laptop, let alone at their home?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Does it BELONG to the VA or are you saying VA is?
[ link to this | view in chronology ]
Re: Does it BELONG to the VA or are you saying VA
It belongs to the VA...
[ link to this | view in chronology ]
Re: Does it BELONG to the VA or are you saying VA
Ralph's an idiot.
To end on a kind note, hopefully Ralph's preparing for his epic journey into middle school as the freedom of summer draws to a close (or even lower on the totem pole, from one who still has at least a faint bit of belief in the educational system).
[ link to this | view in chronology ]
Why?
[ link to this | view in chronology ]
Ralph with the itchy trigger finger
Just as written originally.
No apostrophes were harmed in the making of this post.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
3.5 months later...why now?
First it was claimed that someone turned in the laptop that he bought from the back of a truck when he saw the $50,000 reward. Now they are saying that there was a tip that allowed the government to somehow get the data back...oh and they've yet to specify exactly how they got it back on June 28th. Get your story straight because I am having trouble believing a darn thing that the government announces these days.
http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html
[ link to this | view in chronology ]
Re: 3.5 months later...why now?
[ link to this | view in chronology ]
VA = Vaginal Atrophy
[ link to this | view in chronology ]
Re: VA = Vaginal Atrophy
"There is too many" is not correct either, so before you jump on someone else's 'mistakes' you should correct your own, Joe.
[ link to this | view in chronology ]
Virginia not a state?????
Info source: http://encarta.msn.com/dictionary_1861599003/Commonwealth.html
I think maybe you should take your own advice and a do a little research so you can come up with an intelligent response instead of just mouthing off like you know everything and then end up being wrong.
[ link to this | view in chronology ]
Re: VA = Vaginal Atrophy
F.U. A.H., M.F.P.
[ link to this | view in chronology ]
#7 VA = ?WHAT?
This is TechDirt. Stories and matters about technology.
Technology as well as the military use nothing but acronyms.
I'm quite certain that once a person recognizes the context, the use of the acronym becomes clear. It may be unclear to those unintiated to the story.
I never questioned the acronym yet I imagine sthat there are people who question it. Perhaps if the contributor at least writes the entire reference once in parentheses to eliminate any doubts.
[ link to this | view in chronology ]
Re: #7 VA = ?WHAT?
Lexis Nexis shows no reference to Nessus with this story.
[ link to this | view in chronology ]
http://en.wikipedia.org/wiki/Commonwealth_%28United_States%29
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Virginia is a state, period.
I think a more accurate usage of the term would be for places like Puerto Rico, which are associated with the USA but are not states. For info on this, see below:
http://en.wikipedia.org/wiki/Commonwealth_%28U.S._insular_area%29
[ link to this | view in chronology ]
again???
[ link to this | view in chronology ]
"Four of the constituent states of the United States officially designate themselves Commonwealths"
They are states, which formally designate themselves as commonwealths ... but states, nonetheless.
[ link to this | view in chronology ]
the VA by any other name is just the same.
[ link to this | view in chronology ]
Easy...
What if he's like the Ralphie on the Simpsons, he's probably sincere yet misinformed.
[ link to this | view in chronology ]
VA
On the actual topic: It is extremely difficult to control the copying of business data by employees. Although anything can be hacked, encryption makes it more difficult to use data on a stolen device or removable media. I suppose this well publicized incident will influence many organizations with sensitive data to evaluate the effort of doing this vs. the risk of not doing it.
[ link to this | view in chronology ]
Commonwealth vs. State
On to the article! I think on balance, putting out the word is a good thing. Data leaks, even if all the best security policies are in place, will most certainly happen. It's better to be (or even just appear) serious about the matter than just hoping nothing bad happens.
Just like individuals making software security leaks public alerts hackers of an exploit, it also puts pressure on the company to fix the problem. Embarassing mistakes are only bad news if you don't fix the problem.
The VA can come out of this more secure, where if they had not said anything, they probably wouldn't change the culture that brought it on in the first place.
[ link to this | view in chronology ]