Now That Everyone Knows How Valuable VA Data Is... It Gets Stolen Again
from the ooops dept
Just as news reports are spreading about how the thieves who stole the laptops containing personal data of millions of vets from the Veterans Affairs department have been caught, it appears the VA has a new problem to deal with: more data has been stolen, this time from the office of a contractor (though, on a desktop machine, not a laptop). Again, there's no explanation so far why this contractor had the data, or why it wasn't encrypted. However, it sounds like the VA may need to go back and reinstate their offer for free credit monitoring, which they had pulled after they determined that the data on the original laptop had not been accessed.
Reader Comments
And then, anybody'll be able to know anything about anyone, just because the data is not protected at all.
But it's election year, right? Please someone reassure me and tell me you'll put these frackheads out of office for good.
[ link to this | view in thread ]
Our Government? pffttt!
I would like to think we could vote some of these asshats that allow this to happen out of office, but they use buzzwords and misdirection to get people to look away from the important issues. Words like 'national security', safety et al. What a fricken joke, they can't even 'secure' a fricken computer...
[ link to this | view in thread ]
Welcome home vets...
It's sad that this is happening to our vets (I'm in this boat too). I still can't comprehend WHY anyone is allowed to take information out of the building. That was unheard of where I was stationed...and that was in the early 90's.
[ link to this | view in thread ]
I'm not knocking the contractors specifically, I'm one - but how are we expected to even care when we're gonna be there for 90 days?
I still do my job, and I consider the company's data security to be a part of that. While you'll find many contractors with the same opinion - most certainly not all share that value.
Especially government contractors. They do 95% of the work while most of the Feds sit around, sleep in their offices, take days off, etc..
Maybe they'll come looking for me now, but it's the truth... I've been there :)
[ link to this | view in thread ]
stolen sensitive information/i.d. theft
I'm the CEO of a web service company that offers users easy, totally secure, completely accurate, access to their information with a comprehensive tracking capability.
Knowing that we have worked out a secure way to access, store, share and track data leads me to believe these corporations and government agencies don't really believe they have a problem, that encryption is the answer. Not true. There's another possibility...They don't know how to fix the problem.
These problems are huge and we should all be very concerned.
[ link to this | view in thread ]
Re: stolen sensitive information/i.d. theft
I'll accept the "totally secure" description of your service. If you're willing to suspend disbelief, so am I.
However, even assuming that you have created a secure environment for data ON YOUR SERVERS, IN AN ENVIRONMENT YOU CONTROL, what exactly does that have to do with the people who are accessing said information securely and placing a copy on their crappily secured laptop that they use to update their myspace site and surf porn?
It's easy to take shots at the VA and other government agencies. Hell, I do it all the time. But to suggest that there is anything approaching a simple fix to the problems is disingenuous at best.
There are so many attack vectors and so much information managed so poorly by people who have little knowledge about basic security, and as you said are just trying to get their job done, that the fact that this doesn't happen more often frankly amazes me.
[ link to this | view in thread ]
Re: Re: stolen sensitive information/i.d. theft
Instead of your negative posture laced with arrogance, you should be posing questions inviting intelligent dialogue or making suggestions rather than sitting on a perch offering criticism or at a minimum vacuous comments. If you have expertise in the security space, state a solution. This problem, enormous as it is, must be solved with a new paradigm. We will begin to offer responsible mobile professionals with another way to do business.
By the way, this problem affects financial institutions more often than government agencies.
[ link to this | view in thread ]
Re:
Surely you jest! The only thing she has accomplished is to convince Georgie to keep her around, as if he is a good judge of character.
Down with all incumbents - vote for None of the Above!!
[ link to this | view in thread ]
Re: Re: Re: stolen sensitive information/i.d. thef
A "totally secure" solution that works for responsible, sensible, security aware information workers is an awesome solution; IF YOU HAVE RESPONSIBLE, SENSIBLE, SECURITY AWARE information workers...
But they don't. And the information owners are scarcely any better.
The PEOPLE are the problem.
People allow access to information that shouldn't be granted.
People allow information that shouldn't be removed from its secure storage to be removed.
People allow unsecured machines to hold sensitive information.
People allow other unqualified people to be responsible for the care and welfare of sensitive information.
People allow information to be obtainable and usable only in a decrypted form.
I think someone who is touting their mobile security platform (if that's what it is) as the solution to all the VA (and financial institution) information-leaking-ills is the arrogant one.
Until there are real, painful consequences to the leaking of private information, it will continue. Pay each person $1000 every time their information is leaked and I bet you see organizations start to take it seriously.
The cost of non-compliance must be much larger than the cost of compliance.
[ link to this | view in thread ]
Are you serious!?!?!
I am sick of using the "when will they ever learn..." phrases to describe what's been going on with the VA lately, but this is absolutely inexcusable. There is no reason why the data on that desktop was not encrypted, I mean, did they learn a darn thing after nearly costing millions of vets their credit? I just can't believe that Nicholson would allow this to happen yet again.
http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html
I can't imagine how vets must be feeling seeing as their VA office constantly has let them down over the past few months. For goodness sake guys, how do you think the rest of the world looks at our veterans and military system these days. If this instance doesn't teach you a lesson to encrypt and not be dumb with data then I do not know what will...
http://www.essentialsecurity.com/Documents/article16.htm
[ link to this | view in thread ]