VA Reminds Thief How Valuable Stolen Data Is
from the perhaps-not-the-best-plan dept
Earlier this week, we noted that the Department of Veterans Affairs seemed to be hoping that whoever stole a laptop and hard-drive with lots of veterans’ private info was too stupid to know what they had stolen. However, it seems they’re doing their very best to make sure everyone realizes it’s quite valuable. They’ve now put up a $50,000 reward for any info leading to the recovery of the data. Of course, should the thief hear about this, then what’s to stop him (or her) from simply copying the data and then figuring out a way to return the laptop and get the $50,000? Not that security through obscurity was likely to work in this case, but it seems sort of odd that they were so adamant that thief likely had no idea how valuable the data was — and then put a price on it and blasted it all over the news.
Comments on “VA Reminds Thief How Valuable Stolen Data Is”
VA Reminds Thief How Valuable Stolen Data Is…
And so does TechDirt!!!
Thanks guys I appreciate that. 🙁
Re: Re:
yeah, cause tech dirt is going to be where he finds out!
retard
Re: Re:
The professional press is out of control in this country. It has been so for a long time. I am a liberal Democrat and have been one my entire voting life. I am retired now. I realize that we need a free press. This is a Democracy, but use your head sometimes. We know how to keep some things totally secret. Sometimes we have a leak, but some things are so top secret the public will knew know what really happened. This is just too much information, but it is what I expected.
Re
oh my gosh…
I am one of the veterans whose social security number has been exposed. I was honorably discharged from the army in 1983. I wonder if the VA is responsible for this or if the press is.
Re: Re:
no,
it’s the bird brain at the dept of veterans affairs that took the files home on the pc that is responsible for my name and social and claim number being compromised.
no one else, he or she is the one guilty of criminal behavior.
what’s that jerks name? that’s what i want to know.
so i guess i just keep paying Wells Fargo to monitor my personal information on the national credit bureaus.
Re: Discharge
Actually, I think you are chiefly responsible for your honorable discharge, along with the Army.
Thank you for your service to our country!!
(Just playing with the ambiguity of the predecessor of “this”) 😉
It's their fault...
That’s what each party will say while pointing fingers in the other direction.
It is the internets fault
I think we should shut it down before the terrorists use it to kill us all.
Well, once again our super intelligent government is doing it’s normal don’t let the right hand know how bad the left hand screwed up. Gotta love the VA, until now we only thought it was ran by a bunch of brainiacs, no we know for sure….
Lost laptops
Reminds me of a notice I saw stuck to the inside of a phonebox in London, something like
“I lost my laptop here. If anybody found it please get in touch with me immediately! I will pay a reward. Very important – NO POLICE. Please DO NOT HAND IT IN TO THE POLICE”
and the guy put his phone number. LMAO
I wonder what was on that laptop? I resisted the urge to copy down the number for future entertainment.
Encrypted hard drives people!
Re: Lost laptops
maybe child pornography or ways to avoid the toll in the chunnel….
The Washington Post printed the date, timeframe, neighborhood, and the fact that at least two identical neighborhood burglaries occurred within hours of each other.
Yeah...
I tend to agree with the posts at the top. A definite faux pas, there, Mike. Twice, too, it seems.
Re: Yeah...
I tend to agree with the posts at the top. A definite faux pas, there, Mike. Twice, too, it seems.
Are you serious? It was the VA that lost the data. It was the VA who claimed that no one would know about it and it was the VA that then went out and told everyone how valuable it was and promoted it everywhere.
To blame *us* for anything is just bizarre.
Re: Re: Yeah...
If someone makes a mistake, and you repeat the mistake, are you not responsible for your actions? Of course you are.
Yes, the VA screwed up. No one’s arguing that. What I (and others) are claiming is that you have repeated that mistake by posting the same reward and information here.
It showed up on my Google homepage for crying out loud! I didn’t even have to search for it!
But, hey, it’s your story. Tell it how you want.
Re: Re: Re: Yeah...
If someone makes a mistake, and you repeat the mistake, are you not responsible for your actions? Of course you are.
We’re not the ones giving away $50,000 to let everyone know how important the data is.
Making a mistake and reporting a mistake are two amazingly different things.
network???
why did the user have the data stored on the harddrive…moron…thats what the secure network is for…if he needed to work on it at home…remote into the network and work on it, dont download that stuff to your harddrive…fire the dumbass…oh, and by the way, yes i am a veteran. a mad 1 at that.
well...
At least the VA is making an effort to attempt to recover the data. The $50,000 would be a pretty good incentive for someone to even turn in their friend.
It’s a pity organizations haven’t learned to protect their data, and keep employees from taking sensitive data like this home with them. At the very least the VA should of had a program on that laptop to call home the next time it got hooked into the net. Little late for that now though…
It’s a HORRIBLE crime to steal identities..
Unless, of course you’re stealing social security numbers so you can work in the U.S. – then that kind of identity theft is ok…
gotta be kiddin me?
$50,000 reward for the laptop and a duplicate of the hard drive should be worth what??? another $50,000??? and another… and another… That’s a great idea 😐 Way to to smacko! Promote the theft of corporate data instead of punnishing the person responsible for having that crap on their hard drive.
not the press's fault
Not sure why Felix & Tim & others are putting any blame on the press or Techdirt or Mike.
The VA and the FBI are OFFERING A REWARD! They are asking for publicity in order to get people to call leads in to their tip line.
But how many of these types of incidents do there need to be before the companies with tons of sensitive customer data adopt some decent security policies?
I'm sure...
1. that the laptop in question has been destroyed
2. that the data on it is in the possession of someone who will use it for no good (i.e. organized crime organization of some sort.)
3. the guy who stole it is either dead or paid off.
They better not publish the idiot’s name. He’s got millions of veterans PO’d about it, and who knows how many of them have guns.
I wish I knew the guy's name
I’d hunt him down and beat him about the head and shoulders with an encryption algorithm.
The story that won't be told
Will be why this guy was taking work home for 3 years.
Is the VA IT staff so overworked they need to take home work?
Re: The story that won't be told
“Is the VA IT staff so overworked they need to take home work?”
Most investigations into incidents where an employee does some boneheaded thing that any moron knows is a breach of security turn up the following:
Data Loss
The US is so concerned about being able to collect taxes that we are now at risk daily from information theft that we cannot see, prevent, or stop.
The VA should have 2 pieces of information, the ID of the Veteran, and where to mail the checks. Problem Solved.
Compartmentalize the data, then no single loss will result in significant risk.
how do I know...
Is there any way to find out if our ssn was one of the one’s compromised? I’m a vet, but don’t know where to find out any info about if we can find out if we’re compromised.
Re: how do I know...
I remember hearind that SSN was one of the items stolen.
Lets see if I can find the article.
Here is is
“names, dates of birth and Social Security numbers”… Thats all they need…
Business rules can and need to be put in place so
when are companies going to learn not to store sensitive information on laptops or PC.s there is no reason for this. This information can be stored on a secure network server. People loose or have their laptop stolen all the time. Business rules can and need to be put in place so this will not happen or at least makes it much more difficult. Companies should be forced to pay large fines for handling data so poorly and people should go to jail for covering it up or not reporting it in a timely manner.
ouch
When you use words like retard I feel stupid and it hurts me.
Last time I loosed my laptop it never came home!. But seriously folks, the press is bad for the people involved, but I’d glad we here about these incidents. Eventually (2089 by my estimates) we’ll stop allowing companies to verify our identity without actually verifying it. If you falsely verify someone’s identity…then you have verified nothing at all. I’ve not been hit by identity fraud (that I know of) and certainly a personal attack would stir anyone’s passions about this issue. So, rant at us, rage at your politicians and berate these companies/organizations that lose and misuse this data. Then, lets all calm down and figure out BETTER ways to operate.
I would not be opposed to a one time tax to pay for fraud prevention for our veterans. Without them, we wouldn’t have anything worthwhile to tax.
Thanks guys/girls for serving your country, hopefully your country can serve you now.
Stolen Laptop
The bad part about this is the VA does have regulations and secure access from avaiablility? So If my name was on this system the I am definitely going to file a lawsuit against the VA and the individual responsible!
Re: Stolen Laptop
Oh for crying out loud… when the DOD changed our Service Numbers to be our SSN you had your SSN written on the face of every check you cashed at the Post PX or Navy Exchange.
Apply some common sense and flag your new vulnerability to the Credit Bureaus and quit worrying abou suing somebody. Sheesh.
Stolen Laptop
The bad part about this is the VA does have regulations and secure access from avaiablility? So If my name was on this system the I am definitely going to file a lawsuit against the VA and the individual responsible!
OOPS
sorry for the typos.
VA has secure access from in place.
OOPS again
sorry, working from cell phone and more typos, previous should read:
Va has secure access from home in place.
And we call ourselves the most intelligent life fo
At least the one good thing is, they haven’t released to much information. The bad thing is now every criminal who has stolen a laptop will be looking at their “earnings” trying to see if they were the one. So, despite the press not releasing to much info, they’ve already released enough information to cause problems.
You have a security breach, don’t tell the press, go to the law enforcement agency and solve the crime, then tell the press once the breach has been resolved and the information is back in the right hands.
Or, go on TV or put an ad in the paper with let every reader/watcher know your SSN, DOB, Name and Credit Card number.
Re: And we call ourselves the most intelligent lif
The Washington Post has printed the date of the theft, the name of the town (Neighborhood, actually, the fact that two breakins occurred within a few blocks of each with similar MO’s and the span of hours during which the break-ins occurred.
Terrible judgement.
Reward System
Who would turn it in for the reward?
Kind of like the line from Pee Wee’s big adventure:
“Dottie – How are you ever going
to pay a reward like that?”
“Pee Wee – It’s simple.
Whoever returns the bike is obviously
the person who stole it.
So they don’t deserve any reward!”
What a shame that our vets are now further exposed to the possibility of identity theft…
A better use for the money
I wonder how $50,000 compares to the cost of simply buying up all the laptops and hard drives available at the pawn shops nearest to the location of the burglary?
I’d expect a competent business which had a laptop full of data stolen to do this, but…
we have a right to know the name of the thief
we have a right to know the name of the thief
… was it neocon? , Chinese, ?