VA's Plan To Advertise Value Of Data Leak Worked

from the in-hindsight dept

Back in May, following the theft of one of its employee's laptops containing personal data on 50,000 veterans, the VA tried a new version of security-via-obscurity. It first said that chances where the thieves had no idea about the data, and probably just stole the laptop for its resale value. They then followed this up by doing their best to make them aware how valuable it was, putting up a $50,000 reward and pumping it up in the press. The FBI said at the end of June the machine had been recovered, and now, the thieves have been apprehended, and told police they didn't know they'd gotten anything more than a random laptop until -- yes, you guessed it -- the theft got publicized. Admittedly, companies or governmental groups in this situation are in a bit of a bind. They need to own up to people whose information they've lost that they are at risk, but should exercise a bit of restraint in putting the story out so they don't alert otherwise ignorant thieves to the real value of the computers they've stolen. Though undoubtedly any attempt at restraint is likely to be interpreted as a cover-up or ignoring the problem. The real solution, of course, is to prevent the data leaks. While the question of whether or not the data in the VA case is at risk seems to be answered, the bigger question remains: why did an employee have the personal information on 26.5 million veterans on a laptop, let alone at their home?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Ralph, Aug 7th, 2006 @ 9:24am

    Does it BELONG to the VA or are you saying VA is?

    Apostrophe abuse!

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Lay Person, Aug 7th, 2006 @ 9:34am

    Re: Does it BELONG to the VA or are you saying VA

    Uhhhh....

    It belongs to the VA...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    eb, Aug 7th, 2006 @ 9:37am

    Why?

    Maybe because he's an idiot? From what I read, he was apparently working on some sort of "vanity" project, trying to validate the results of a survey.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    EasyJim, Aug 7th, 2006 @ 10:04am

    Ralph with the itchy trigger finger

    Sir, with all due respect, it is correctly: the plan that belongs to the VA. In other words, the VA's plan.

    Just as written originally.

    No apostrophes were harmed in the making of this post.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 10:11am

    While the employee might have been an idiot the real blame rests with the VA who never should have allowed such data to be contained anywhere but a secure server.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Nathan Kully, Aug 7th, 2006 @ 10:22am

    3.5 months later...why now?

    I can't say this enough, if that data was encrypted we wouldn't have to listen to any more BS about this issue. I am sick and tired of hearing different information on this stupid laptop, yes the VA was dumb and let this information get out, but this has to be at least the 3rd or 4th different story on how they got it back.

    First it was claimed that someone turned in the laptop that he bought from the back of a truck when he saw the $50,000 reward. Now they are saying that there was a tip that allowed the government to somehow get the data back...oh and they've yet to specify exactly how they got it back on June 28th. Get your story straight because I am having trouble believing a darn thing that the government announces these days.
    http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    G.I. Joe, Aug 7th, 2006 @ 10:31am

    VA = Vaginal Atrophy

    VA still means the State of Virginia to most people. Is it soooo hard to type Veterans Administration? You're not in the military (obviously they're incompetent too), so write a friggin' article AND SPELL S**T OUT YOU MORONS! I'm tired of acronyms with multiple meanings. There is too many. Don't contribute to the madness and stupidity. Keep it up and I'll cut the phone line to your mobile home when you're busy screwing your father's best goat.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Lay Person, Aug 7th, 2006 @ 10:43am

    #7 VA = ?WHAT?

    G.I. Joe:

    This is TechDirt. Stories and matters about technology.
    Technology as well as the military use nothing but acronyms.

    I'm quite certain that once a person recognizes the context, the use of the acronym becomes clear. It may be unclear to those unintiated to the story.

    I never questioned the acronym yet I imagine sthat there are people who question it. Perhaps if the contributor at least writes the entire reference once in parentheses to eliminate any doubts.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Theoden, Aug 7th, 2006 @ 11:02am

    Re: VA = Vaginal Atrophy

    Actually, Virginia is a Commonwealth, not a state.

    "There is too many" is not correct either, so before you jump on someone else's 'mistakes' you should correct your own, Joe.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    NewJerseyKid, Aug 7th, 2006 @ 11:19am

    I don't know why I cared enough to post this, but Virginia is a state. Get over yourself.

    http://en.wikipedia.org/wiki/Commonwealth_%28United_States%29

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Justin, Aug 7th, 2006 @ 11:34am

    Wait, this isn't a story about a Vein Assknocker? Shoot.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 11:40am

    Virginia not a state?????

    Virginia is too a state. You can't count to 50 stars on our flag without it. However, a few of the southern states (including Virginia) do use the term "commonwealth" as a title of the state. But it's still a state. The only actual commonwealths around the USA (by dictionary definition) are places like Puerto Rico and the Northern Mariana Islands, which are stand-alone territories voluntarily related to the USA, not states under direct USA control.

    Info source: http://encarta.msn.com/dictionary_1861599003/Commonwealth.html

    I think maybe you should take your own advice and a do a little research so you can come up with an intelligent response instead of just mouthing off like you know everything and then end up being wrong.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 11:45am

    Re: #7 VA = ?WHAT?

    The VA (which may be headquartered in VA) could have avoided the widespread AV coverage of this if the VA had performed a proper VA on the data storage methods in general and this laptop in particular.

    Lexis Nexis shows no reference to Nessus with this story.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 12:08pm

    Re:

    Umm... that Article says VA is a Commonwealth...

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 12:25pm

    Virginia is a state, period.

    "Commonwealth" is just a fancy title. As you can see, it dates way back. Just try counting the stars on our flag without Virginia and see if you make it to 50. Virginia is a state that just happens to refer to itself as a commonwealth at times. By dictionary definition, every state in the USA can be considered a commonwealth, but they are still states. For that matter, the USA as a whole could be called a commonwealth.

    I think a more accurate usage of the term would be for places like Puerto Rico, which are associated with the USA but are not states. For info on this, see below:

    http://en.wikipedia.org/wiki/Commonwealth_%28U.S._insular_area%29

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Theoden, Aug 7th, 2006 @ 12:25pm

    Re: Re:

    Go easy on him...he's from New Jersey.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    the awkward observer, Aug 7th, 2006 @ 1:09pm

    again???

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    mikhail, Aug 7th, 2006 @ 1:18pm

    Re: Does it BELONG to the VA or are you saying VA

    Ralph's comment clearly illustrates a key factor;
    Ralph's an idiot.

    To end on a kind note, hopefully Ralph's preparing for his epic journey into middle school as the freedom of summer draws to a close (or even lower on the totem pole, from one who still has at least a faint bit of belief in the educational system).

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    NewJerseyKid, Aug 7th, 2006 @ 1:28pm

    Actually, it's a state with "commonwealth" in its formal name. To quote Fight Club, "Putting feathers up your butt does not make you a chicken." The People's Republic of China is hardly a republic, and whatever Virginia might like to call itself, to qtfa:

    "Four of the constituent states of the United States officially designate themselves Commonwealths"

    They are states, which formally designate themselves as commonwealths ... but states, nonetheless.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    my2cents, Aug 7th, 2006 @ 1:33pm

    the VA by any other name is just the same.

    Why are people so quick to judge other people’s writing. The whole purpose of writing, talking, or even gesturing is to communicate a certain point. And during that communication, it is assumed that every participant, or in this case-- every reader on this site, is on some basic level of general knowledge, and shares a common interest. Granted, the author should have spelled out Veterans Administration the first time he used it in the article, followed by "(VA)", as we all learned in school. But as someone mentioned, this is a tech site. And we're all here as techies, not literary bards. The point of the article surrounds key words such as-- stolen. data. government. veterans. laptop. security. recovered. NOT “VA”, “the VA”, or “the VA is”. Let's try to get over ourselves. One other thing while I’m on this soapbox: People work, people are preoccupied, people are tired, or whatever the case may be. So we're all prone to misinterpreting things regardless of how smart we think we are. A coworker with a Masters degree who works the night the shift with me was reading an article aloud to the rest of us on night. She was feeling so smart and confident, probably congratulating herself on how fast she was reading and how intelligent she sounded when she came across the word "indicted" (in-DIE-ted). She mispronounced it-- "inDICKted" and we all busted out laughing….including her when she realized the brain slip.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    my2cents, Aug 7th, 2006 @ 1:41pm

    Re: 3.5 months later...why now?

    I totally agree. But encryption or no encryption, there's no reason that information should have even been on a laptop.. let alone, allowed to leave the building. I understand people want to telecommute or whatever, but when you work in certain positions handling sensitive, confidential, or even secret information, there's no way that should even be an option. The exception being someone like the head an agency with some kind of security detail, or security procedure. Other than that, everyone else needs to bring their ass to work.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Lay Person, Aug 7th, 2006 @ 1:45pm

    Easy...

    Easy on Ralphie you guys.

    What if he's like the Ralphie on the Simpsons, he's probably sincere yet misinformed.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Acronyminalist, Aug 7th, 2006 @ 1:56pm

    VA

    Even though I live in VA and have basically nothing to do with the V.A., it seemed easy enough to figure out which this meant.

    On the actual topic: It is extremely difficult to control the copying of business data by employees. Although anything can be hacked, encryption makes it more difficult to use data on a stolen device or removable media. I suppose this well publicized incident will influence many organizations with sensitive data to evaluate the effort of doing this vs. the risk of not doing it.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Aaron, Aug 7th, 2006 @ 2:28pm

    Commonwealth vs. State

    So...is a tomato a fruit or a vegetable? And once it's turned into pizza sauce, does it really f'ing matter?

    On to the article! I think on balance, putting out the word is a good thing. Data leaks, even if all the best security policies are in place, will most certainly happen. It's better to be (or even just appear) serious about the matter than just hoping nothing bad happens.

    Just like individuals making software security leaks public alerts hackers of an exploit, it also puts pressure on the company to fix the problem. Embarassing mistakes are only bad news if you don't fix the problem.

    The VA can come out of this more secure, where if they had not said anything, they probably wouldn't change the culture that brought it on in the first place.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Hop Sing, Aug 7th, 2006 @ 2:43pm

    Re: VA = Vaginal Atrophy

    That has to be the stupidest comment I have read! The most constructive comment you made was the period at the end of the sentence. Next time you think you have something important to say just go ahead and bang your head against a wall. Better still cover your nose and mouth, cross your legs and fart. Maybe that will clear your mind. In the meantime here are a couple of other acronyms you might like. Sorry I didn't spell it out, thought maybe you can sound them out for yourself.
    F.U. A.H., M.F.P.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This