VA Reminds Thief How Valuable Stolen Data Is

from the perhaps-not-the-best-plan dept

Earlier this week, we noted that the Department of Veterans Affairs seemed to be hoping that whoever stole a laptop and hard-drive with lots of veterans' private info was too stupid to know what they had stolen. However, it seems they're doing their very best to make sure everyone realizes it's quite valuable. They've now put up a $50,000 reward for any info leading to the recovery of the data. Of course, should the thief hear about this, then what's to stop him (or her) from simply copying the data and then figuring out a way to return the laptop and get the $50,000? Not that security through obscurity was likely to work in this case, but it seems sort of odd that they were so adamant that thief likely had no idea how valuable the data was -- and then put a price on it and blasted it all over the news.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, May 25th, 2006 @ 8:03pm

    VA Reminds Thief How Valuable Stolen Data Is...
    And so does TechDirt!!!
    Thanks guys I appreciate that. :(

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Bronko, May 25th, 2006 @ 8:41pm

    Re:

    yeah, cause tech dirt is going to be where he finds out!

    retard

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Felix L Scott, May 25th, 2006 @ 8:46pm

    Re:

    The professional press is out of control in this country. It has been so for a long time. I am a liberal Democrat and have been one my entire voting life. I am retired now. I realize that we need a free press. This is a Democracy, but use your head sometimes. We know how to keep some things totally secret. Sometimes we have a leak, but some things are so top secret the public will knew know what really happened. This is just too much information, but it is what I expected.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    kinam, May 25th, 2006 @ 8:53pm

    Re

    oh my gosh...

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Felix L Scott, May 25th, 2006 @ 8:56pm

    I am one of the veterans whose social security number has been exposed. I was honorably discharged from the army in 1983. I wonder if the VA is responsible for this or if the press is.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    ssego, May 25th, 2006 @ 9:16pm

    It's their fault...

    That's what each party will say while pointing fingers in the other direction.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    ?, May 25th, 2006 @ 9:37pm

    It is the internets fault

    I think we should shut it down before the terrorists use it to kill us all.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    rijit (profile), May 25th, 2006 @ 9:59pm

    Well, once again our super intelligent government is doing it's normal don't let the right hand know how bad the left hand screwed up. Gotta love the VA, until now we only thought it was ran by a bunch of brainiacs, no we know for sure....

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Mr.Clarke, May 25th, 2006 @ 10:01pm

    Re:

    no,
    it's the bird brain at the dept of veterans affairs that took the files home on the pc that is responsible for my name and social and claim number being compromised.

    no one else, he or she is the one guilty of criminal behavior.

    what's that jerks name? that's what i want to know.

    so i guess i just keep paying Wells Fargo to monitor my personal information on the national credit bureaus.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    I, for one., May 25th, 2006 @ 10:27pm

    Lost laptops

    Reminds me of a notice I saw stuck to the inside of a phonebox in London, something like

    "I lost my laptop here. If anybody found it please get in touch with me immediately! I will pay a reward. Very important - NO POLICE. Please DO NOT HAND IT IN TO THE POLICE"

    and the guy put his phone number. LMAO

    I wonder what was on that laptop? I resisted the urge to copy down the number for future entertainment.

    Encrypted hard drives people!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    mark, May 26th, 2006 @ 1:39am

    Re: Lost laptops

    maybe child pornography or ways to avoid the toll in the chunnel....

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, May 26th, 2006 @ 3:48am

    The Washington Post printed the date, timeframe, neighborhood, and the fact that at least two identical neighborhood burglaries occurred within hours of each other.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Tim Arview, May 26th, 2006 @ 5:21am

    Yeah...

    I tend to agree with the posts at the top. A definite faux pas, there, Mike. Twice, too, it seems.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Cowardly Comedian, May 26th, 2006 @ 5:29am

    Re: Discharge

    Actually, I think you are chiefly responsible for your honorable discharge, along with the Army.
    Thank you for your service to our country!!

    (Just playing with the ambiguity of the predecessor of "this") ;-)

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    yotis, May 26th, 2006 @ 5:52am

    network???

    why did the user have the data stored on the harddrive...moron...thats what the secure network is for...if he needed to work on it at home...remote into the network and work on it, dont download that stuff to your harddrive...fire the dumbass...oh, and by the way, yes i am a veteran. a mad 1 at that.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Curtis Breuker, May 26th, 2006 @ 6:00am

    well...

    At least the VA is making an effort to attempt to recover the data. The $50,000 would be a pretty good incentive for someone to even turn in their friend.

    It's a pity organizations haven't learned to protect their data, and keep employees from taking sensitive data like this home with them. At the very least the VA should of had a program on that laptop to call home the next time it got hooked into the net. Little late for that now though...

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, May 26th, 2006 @ 6:19am

    It's a HORRIBLE crime to steal identities..

    Unless, of course you're stealing social security numbers so you can work in the U.S. - then that kind of identity theft is ok...

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    mosh, May 26th, 2006 @ 6:40am

    gotta be kiddin me?

    $50,000 reward for the laptop and a duplicate of the hard drive should be worth what??? another $50,000??? and another... and another... That's a great idea :-| Way to to smacko! Promote the theft of corporate data instead of punnishing the person responsible for having that crap on their hard drive.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, May 26th, 2006 @ 7:24am

    not the press's fault

    Not sure why Felix & Tim & others are putting any blame on the press or Techdirt or Mike.

    The VA and the FBI are OFFERING A REWARD! They are asking for publicity in order to get people to call leads in to their tip line.

    But how many of these types of incidents do there need to be before the companies with tons of sensitive customer data adopt some decent security policies?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    concerned vet, May 26th, 2006 @ 7:35am

    I'm sure...

    1. that the laptop in question has been destroyed
    2. that the data on it is in the possession of someone who will use it for no good (i.e. organized crime organization of some sort.)
    3. the guy who stole it is either dead or paid off.

    They better not publish the idiot's name. He's got millions of veterans PO'd about it, and who knows how many of them have guns.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Scott, May 26th, 2006 @ 7:36am

    I wish I knew the guy's name

    I'd hunt him down and beat him about the head and shoulders with an encryption algorithm.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    alternatives, May 26th, 2006 @ 7:37am

    The story that won't be told

    Will be why this guy was taking work home for 3 years.

    Is the VA IT staff so overworked they need to take home work?

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Getting Warmer, May 26th, 2006 @ 8:05am

    Data Loss

    The US is so concerned about being able to collect taxes that we are now at risk daily from information theft that we cannot see, prevent, or stop.

    The VA should have 2 pieces of information, the ID of the Veteran, and where to mail the checks. Problem Solved.

    Compartmentalize the data, then no single loss will result in significant risk.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Panic, May 26th, 2006 @ 8:22am

    how do I know...

    Is there any way to find out if our ssn was one of the one's compromised? I'm a vet, but don't know where to find out any info about if we can find out if we're compromised.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    tom, May 26th, 2006 @ 8:27am

    Business rules can and need to be put in place so

    when are companies going to learn not to store sensitive information on laptops or PC.s there is no reason for this. This information can be stored on a secure network server. People loose or have their laptop stolen all the time. Business rules can and need to be put in place so this will not happen or at least makes it much more difficult. Companies should be forced to pay large fines for handling data so poorly and people should go to jail for covering it up or not reporting it in a timely manner.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    kilroy, May 26th, 2006 @ 8:35am

    ouch

    When you use words like retard I feel stupid and it hurts me.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    dave, May 26th, 2006 @ 8:38am

    Last time I loosed my laptop it never came home!. But seriously folks, the press is bad for the people involved, but I'd glad we here about these incidents. Eventually (2089 by my estimates) we'll stop allowing companies to verify our identity without actually verifying it. If you falsely verify someone's identity...then you have verified nothing at all. I've not been hit by identity fraud (that I know of) and certainly a personal attack would stir anyone's passions about this issue. So, rant at us, rage at your politicians and berate these companies/organizations that lose and misuse this data. Then, lets all calm down and figure out BETTER ways to operate.

    I would not be opposed to a one time tax to pay for fraud prevention for our veterans. Without them, we wouldn't have anything worthwhile to tax.

    Thanks guys/girls for serving your country, hopefully your country can serve you now.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Mudd_Puppy, May 26th, 2006 @ 8:41am

    Stolen Laptop

    The bad part about this is the VA does have regulations and secure access from avaiablility? So If my name was on this system the I am definitely going to file a lawsuit against the VA and the individual responsible!

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Mudd_Puppy, May 26th, 2006 @ 8:41am

    Stolen Laptop

    The bad part about this is the VA does have regulations and secure access from avaiablility? So If my name was on this system the I am definitely going to file a lawsuit against the VA and the individual responsible!

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Mudd_Puppy, May 26th, 2006 @ 8:48am

    OOPS

    sorry for the typos. VA has secure access from in place.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Mudd_Puppy, May 26th, 2006 @ 8:53am

    OOPS again

    sorry, working from cell phone and more typos, previous should read: Va has secure access from home in place.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    RoyalPeasantry, May 26th, 2006 @ 9:11am

    Re: how do I know...

    I remember hearind that SSN was one of the items stolen.
    Lets see if I can find the article.

    Here is is

    "names, dates of birth and Social Security numbers"... Thats all they need...

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Oh brother, May 26th, 2006 @ 9:43am

    And we call ourselves the most intelligent life fo

    At least the one good thing is, they haven't released to much information. The bad thing is now every criminal who has stolen a laptop will be looking at their "earnings" trying to see if they were the one. So, despite the press not releasing to much info, they've already released enough information to cause problems.

    You have a security breach, don't tell the press, go to the law enforcement agency and solve the crime, then tell the press once the breach has been resolved and the information is back in the right hands.

    Or, go on TV or put an ad in the paper with let every reader/watcher know your SSN, DOB, Name and Credit Card number.

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Anonymous Coward, May 26th, 2006 @ 10:17am

    Re: Stolen Laptop

    Oh for crying out loud... when the DOD changed our Service Numbers to be our SSN you had your SSN written on the face of every check you cashed at the Post PX or Navy Exchange.

    Apply some common sense and flag your new vulnerability to the Credit Bureaus and quit worrying abou suing somebody. Sheesh.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    Anonymous Coward, May 26th, 2006 @ 10:20am

    Re: And we call ourselves the most intelligent lif

    The Washington Post has printed the date of the theft, the name of the town (Neighborhood, actually, the fact that two breakins occurred within a few blocks of each with similar MO's and the span of hours during which the break-ins occurred.

    Terrible judgement.

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Petréa Mitchell, May 26th, 2006 @ 10:49am

    Re: The story that won't be told

    "Is the VA IT staff so overworked they need to take home work?"

    Most investigations into incidents where an employee does some boneheaded thing that any moron knows is a breach of security turn up the following:

    1. The employee did this regularly
    2. All the employees did this regularly
    3. Anyone who tried to do things by the book gave up because the tradeoff between security and productivity was too painful-- either because it got the boss breathing down their neck about not staying on the project timetable, or because the security process was just too unwieldy to live with
    4. Management, the same management that kept approving the written security policy, was fully aware of how things really worked

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    Mike (profile), May 26th, 2006 @ 11:52am

    Re: Yeah...

    I tend to agree with the posts at the top. A definite faux pas, there, Mike. Twice, too, it seems.

    Are you serious? It was the VA that lost the data. It was the VA who claimed that no one would know about it and it was the VA that then went out and told everyone how valuable it was and promoted it everywhere.

    To blame *us* for anything is just bizarre.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Bizz, May 26th, 2006 @ 2:31pm

    Reward System

    Who would turn it in for the reward?

    Kind of like the line from Pee Wee's big adventure:

    "Dottie - How are you ever going
    to pay a reward like that?"

    "Pee Wee - It's simple.

    Whoever returns the bike is obviously
    the person who stole it.
    So they don't deserve any reward!"

    What a shame that our vets are now further exposed to the possibility of identity theft...

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Petréa Mitchell, May 26th, 2006 @ 3:33pm

    A better use for the money

    I wonder how $50,000 compares to the cost of simply buying up all the laptops and hard drives available at the pawn shops nearest to the location of the burglary?

    I'd expect a competent business which had a laptop full of data stolen to do this, but...

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    Tim Arview, May 26th, 2006 @ 9:41pm

    Re: Re: Yeah...

    If someone makes a mistake, and you repeat the mistake, are you not responsible for your actions? Of course you are.

    Yes, the VA screwed up. No one's arguing that. What I (and others) are claiming is that you have repeated that mistake by posting the same reward and information here.

    It showed up on my Google homepage for crying out loud! I didn't even have to search for it!

    But, hey, it's your story. Tell it how you want.

     

    reply to this | link to this | view in thread ]

  41.  
    icon
    Mike (profile), May 28th, 2006 @ 7:20pm

    Re: Re: Re: Yeah...

    If someone makes a mistake, and you repeat the mistake, are you not responsible for your actions? Of course you are.

    We're not the ones giving away $50,000 to let everyone know how important the data is.

    Making a mistake and reporting a mistake are two amazingly different things.

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Truth, Jun 13th, 2006 @ 4:49am

    we have a right to know the name of the thief

    we have a right to know the name of the thief
    ... was it neocon? , Chinese, ?

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This