VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data

from the the-ministry-of-data-leaks dept

When we last checked in with the Veterans Administration (VA) it was to suggest that it rename itself the "Ministry of Data Leaks." That's because every year or so they admit that they've lost a computer that happens to contain unencrypted personal data on VA members. And, each report seems to get worse than the previous one. So you would think that, by now, the VA would have at least put in place some system to encrypt and protect the data it stores. That would be wishful thinking. It's now come out that the VA has had two major data breaches in just the last month -- both involving laptops that had unencrypted data.

Of course, this comes after those earlier breaches cost taxpayers tens of millions of dollars in notifications and in response to a class action lawsuit, leading Congress to require the VA to encrypt its data. Apparently, the VA didn't bother to actually follow through on that requirement. Congress is now investigating again, with the following statement from Rep. Steve Buyer in kicking off the investigation:

"I attribute the continued lack of security to poor memory among VA's senior management, and its failure to realize the magnitude of the problem that could have been prevented," Buyer writes. "This is an inexcusable abrogation of responsibility that would not be tolerated in any private company. Veterans and American taxpayers expect a higher standard from the VA...."

Not that I expect a Congressional investigation to be very effective, but at some point you have to wonder what folks at the VA are thinking.

Filed Under: data leak, encryption
Companies: va, veterans administration