Now That Everyone Knows How Valuable VA Data Is… It Gets Stolen Again
from the ooops dept
Just as news reports are spreading about how the thieves who stole the laptops containing personal data of millions of vets from the Veterans Affairs department have been caught, it appears the VA has a new problem to deal with: more data has been stolen, this time from the office of a contractor (though, on a desktop machine, not a laptop). Again, there’s no explanation so far why this contractor had the data, or why it wasn’t encrypted. However, it sounds like the VA may need to go back and reinstate their offer for free credit monitoring, which they had pulled after they determined that the data on the original laptop had not been accessed.
Comments on “Now That Everyone Knows How Valuable VA Data Is… It Gets Stolen Again”
This comes from a government willing to monitor each and every one of its citizens, creating a huge database full of confidential info about everyone.
And then, anybody’ll be able to know anything about anyone, just because the data is not protected at all.
But it’s election year, right? Please someone reassure me and tell me you’ll put these frackheads out of office for good.
Our Government? pffttt!
Our government is so awash in scandalous activities that they have no time to ponder the ramifications of their actions in Congress, let alone safe-guard our private information when it is so carelessly assembled and archived.
I would like to think we could vote some of these asshats that allow this to happen out of office, but they use buzzwords and misdirection to get people to look away from the important issues. Words like ‘national security’, safety et al. What a fricken joke, they can’t even ‘secure’ a fricken computer…
Secy.Rice4Prez!!!
Re: Re:
“Secy.Rice4Prez!!!”
Surely you jest! The only thing she has accomplished is to convince Georgie to keep her around, as if he is a good judge of character.
Down with all incumbents – vote for None of the Above!!
Welcome home vets...
“Welcome Home…I just heard you went on a shopping spree while you were flying back…hope ya got some good deals :P”
It’s sad that this is happening to our vets (I’m in this boat too). I still can’t comprehend WHY anyone is allowed to take information out of the building. That was unheard of where I was stationed…and that was in the early 90’s.
Forget all the ramifications of the lack of computer security. Let’s drop back a few steps and look at the physical security.
Maybe companies should try hiring REAL employees, who actually care.
I’m not knocking the contractors specifically, I’m one – but how are we expected to even care when we’re gonna be there for 90 days?
I still do my job, and I consider the company’s data security to be a part of that. While you’ll find many contractors with the same opinion – most certainly not all share that value.
Especially government contractors. They do 95% of the work while most of the Feds sit around, sleep in their offices, take days off, etc.
Maybe they’ll come looking for me now, but it’s the truth… I’ve been there 🙂
stolen sensitive information/i.d. theft
We all know that corporations and government agencies have spent billions trying to lock down sensitive data…and it walks out the front door on mobile devices. Most people just want to do their job. Every day we read about this data being lost, stolen or temporarily misplaced. What’s disturbing about this recent VA story is the data was stored on a contractor’s PC. Why? There is another way.
I’m the CEO of a web service company that offers users easy, totally secure, completely accurate, access to their information with a comprehensive tracking capability.
Knowing that we have worked out a secure way to access, store, share and track data leads me to believe these corporations and government agencies don’t really believe they have a problem, that encryption is the answer. Not true. There’s another possibility…They don’t know how to fix the problem.
These problems are huge and we should all be very concerned.
Re: stolen sensitive information/i.d. theft
OK.
I’ll accept the “totally secure” description of your service. If you’re willing to suspend disbelief, so am I.
However, even assuming that you have created a secure environment for data ON YOUR SERVERS, IN AN ENVIRONMENT YOU CONTROL, what exactly does that have to do with the people who are accessing said information securely and placing a copy on their crappily secured laptop that they use to update their myspace site and surf porn?
It’s easy to take shots at the VA and other government agencies. Hell, I do it all the time. But to suggest that there is anything approaching a simple fix to the problems is disingenuous at best.
There are so many attack vectors and so much information managed so poorly by people who have little knowledge about basic security, and as you said are just trying to get their job done, that the fact that this doesn’t happen more often frankly amazes me.
Re: Re: stolen sensitive information/i.d. theft
Don Gray,
Instead of your negative posture laced with arrogance, you should be posing questions inviting intelligent dialogue or making suggestions rather than sitting on a perch offering criticism or at a minimum vacuous comments. If you have expertise in the security space, state a solution. This problem, enormous as it is, must be solved with a new paradigm. We will begin to offer responsible mobile professionals with another way to do business.
By the way, this problem affects financial institutions more often than government agencies.
Re: Re: Re: stolen sensitive information/i.d. thef
If they were responsible mobile professionals we wouldn’t be having half these problems.
A “totally secure” solution that works for responsible, sensible, security aware information workers is an awesome solution; IF YOU HAVE RESPONSIBLE, SENSIBLE, SECURITY AWARE information workers…
But they don’t. And the information owners are scarcely any better.
The PEOPLE are the problem.
People allow access to information that shouldn’t be granted.
People allow information that shouldn’t be removed from its secure storage to be removed.
People allow unsecured machines to hold sensitive information.
People allow other unqualified people to be responsible for the care and welfare of sensitive information.
People allow information to be obtainable and usable only in a decrypted form.
I think someone who is touting their mobile security platform (if that’s what it is) as the solution to all the VA (and financial institution) information-leaking-ills is the arrogant one.
Until there are real, painful consequences to the leaking of private information, it will continue. Pay each person $1000 every time their information is leaked and I bet you see organizations start to take it seriously.
The cost of non-compliance must be much larger than the cost of compliance.
Are you serious!?!?!
Absolutely ridiculous….
I am sick of using the “when will they ever learn…” phrases to describe what’s been going on with the VA lately, but this is absolutely inexcusable. There is no reason why the data on that desktop was not encrypted, I mean, did they learn a darn thing after nearly costing millions of vets their credit? I just can’t believe that Nicholson would allow this to happen yet again.
http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html
I can’t imagine how vets must be feeling seeing as their VA office constantly has let them down over the past few months. For goodness sake guys, how do you think the rest of the world looks at our veterans and military system these days? If this instance doesn’t teach you a lesson to encrypt and not be dumb with data then I do not know what will…
http://www.essentialsecurity.com/Documents/article16.htm