Now That Everyone Knows How Valuable VA Data Is... It Gets Stolen Again

from the ooops dept

Just as news reports are spreading about how the thieves who stole the laptops containing personal data of millions of vets from the Veterans Affairs department have have been caught, it appears the VA has a new problem to deal with: more data has been stolen, this time from the office of a contractor (though, on a desktop machine, not a laptop). Again, there's no explanation so far why this contractor had the data, or why it wasn't encrypted. However, it sounds like the VA may need to go back and reinstate their offer for free credit monitoring, which they had pulled after they determined that the data on the original laptop had not been accessed.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Franssu, Aug 7th, 2006 @ 12:38pm

    This comes from a government willing to monitor each and everyone of its citizens, creating huge database full of confidential info about everyone.

    And then, anybody'll be able to know anything about anyone, just because the data is not protected at all.

    But it's election year, right ? Please someone reassure me and tell me you'll put these frackheads out of office for good.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    DreadedOne509, Aug 7th, 2006 @ 1:29pm

    Our Government? pffttt!

    Our government is so awash in scandalous activities that they have no time to ponder the ramifications of their actions in Congress, let alone safe-guard our private information when it is so carelessly assembled and archived.

    I would like to think we could vote some of these asshats that allow this to happen out of office, but they use buzzwords and misdirection to get people to look away from the important issues. Words like 'national security', safety et al. What a fricken joke, they can't even 'secure' a fricken computer...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    One~, Aug 7th, 2006 @ 1:30pm

    Secy.Rice4Prez!!!

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Leeland, Aug 7th, 2006 @ 1:33pm

    Welcome home vets...

    "Welcome Home...I just heard you went on a shopping spree while you were flying back...hope ya got some good deals :P"

    It's sad that this is happening to our vets (I'm in this boat too). I still can't comprehend WHY anyone is allowed to take information out of the building. That was unheard of where I was stationed...and that was in the early 90's.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 1:44pm

    Forget all the ramifications of the lack of computer security. Let's drop back a few steps and look at the physical security.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 7th, 2006 @ 1:47pm

    Maybe companies should try hiring REAL eomployees, who actually care.

    I'm not knocking the contractors specifically, I'm one - but how are we expected to even care when we're gonna be there for 90 days?

    I still do my job, and I consider the company's data security to be a part of that. While you'll find many contractors with the same opionion - most certainly not all share that value.

    Especially government contractors. They do 95% of the work while most of the Feds sit around, sleep in their offices, take days off, etc..

    Maybe they'll come looking for me now, but it's the truth... I've been there :)

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    David Murphy, Aug 7th, 2006 @ 2:07pm

    stolen sensitive information/i.d. theft

    We all know that corporations and goverment agencies have spent billions trying to lock down sensitive data...and it walks out the front door on mobile devices. Most people just want to do their job. Every day we read about this data being lost, stolen or temporarily misplaced. What's disturbing about this recent VA story is the data was stored on a contractor's PC. Why? There is another way.

    I'm the CEO of a web service company that offers users easy, totally secure, completely accurate, access to their information with a comprehensive tracking capability.

    Knowing that we have worked out a secure way to access, store, share and track data leads me to believe these corporations and government agencies don't really believe they have a prolem, that encrytion is the answer. No true. There's another possibility...They don't know how to fix the problem.

    These problems are huge and we should all be very concerned.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Don Gray, Aug 7th, 2006 @ 3:32pm

    Re: stolen sensitive information/i.d. theft

    OK.

    I'll accept the "totally secure" description of your service. If your willing to suspend disbelief, so am I.

    However, even assuming that you have created a secure environment for data ON YOUR SERVERS, IN AN ENVIRONMENT YOU CONTROL, what exactly does that have to do with the people who are accessing said information securely and placing a copy on their crappily secured laptop that they use to update their myspace site and surf porn?

    It's easy to take shots at the VA and other government agencies. Hell, I do it all the time. But to suggest that there is anything approaching a simple fix to the problems is disingenuous at best.

    There are so many attack vectors and so much information managed so poorly by people who have little knowledge about basic security, and as you said are just trying to get their job done, that the fact that this doesn't happen more often frankly amazes me.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    David Murphy, Aug 7th, 2006 @ 4:36pm

    Re: Re: stolen sensitive information/i.d. theft

    Don Gray,

    Instead of your negative posture laced with arrogance, you should be posing questions inviting intelligent dialogue or making suggestions rather than sitting on a pirch offering criticizm or at a minimum vacuous comments. If you have expertise in the security space, state a solution. This problem, enormous as it is, must be solved with a new paradigm. We will begin to offer responsible mobile professionals with another way to do business.

    By the way, this problem affects financial institutions more often than government agencies.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    dataguy, Aug 8th, 2006 @ 6:13am

    Re:

    "Secy.Rice4Prez!!!"

    Surely you jest! The only thing she has accomplished is to convince Georgie to keep her around, as if he is a good judge of character.

    Down with all incumbents - vote for None of the Above!!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Don Gray, Aug 8th, 2006 @ 11:44am

    Re: Re: Re: stolen sensitive information/i.d. thef

    If they were responsible mobile professionals we wouldn't be having half these problems.

    A "totally secure" solution that works for responsible, sensible, security aware information workers is an awesome solution; IF YOU HAVE RESPONSIBLE, SENSIBLE, SECURITY AWARE information workers...

    But they don't. And the information owners are scarcely any better.

    The PEOPLE are the problem.

    People allow access to information that shouldn't be granted.
    People allow information that shouldn't be removed from it's secure strorage to be removed.
    People allow unsecured machines to hold sensitive information.
    People allow other unqualified people to responsible for the care and welfare of sensitive information.
    People allow information to be obtainable and usable only in a decrypted form.

    I think someone who is touting their mobile security platform (if that's what it is) as the solution to all the VA (and financial institution) information-leaking-ills is the arrogant one.

    Until there are real, painful consequences to the leaking of private information, it will continue. Pay each person $1000 everytime their information is leaked and I bet you see organizations start to take it seriously.

    The cost of non-compliance must be much larger than the cost of compliance.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Nathan Kully, Aug 8th, 2006 @ 1:36pm

    Are you serious!?!?!

    Absolutely rediculous....

    I am sick of using the "when will they ever learn..." phrases to describe what's been going on with the VA lately, but this is absolutely inexcusable. There is no reason why the data on that desktop was not encrypted, I mean, did they learn a darn thing after nearly costing millions of vets their credit? I just can't believe that Nicholson would allow this to happen yet again.
    http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html

    I can't imagine how vets must be feeling seeing as their VA office constantly has let them down over the past few months. For goodness sake guys, how do you think the rest of the world looks at our veterans and military system these days. If this instance doesn't teach you a lession to encrypt and not be dumb with data then I do not know what will...
    http://www.essentialsecurity.com/Documents/article16.htm

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This