Now That Everyone Knows How Valuable VA Data Is… It Gets Stolen Again

from the ooops dept

Just as news reports are spreading about how the thieves who stole the laptops containing personal data of millions of vets from the Veterans Affairs department have have been caught, it appears the VA has a new problem to deal with: more data has been stolen, this time from the office of a contractor (though, on a desktop machine, not a laptop). Again, there’s no explanation so far why this contractor had the data, or why it wasn’t encrypted. However, it sounds like the VA may need to go back and reinstate their offer for free credit monitoring, which they had pulled after they determined that the data on the original laptop had not been accessed.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Now That Everyone Knows How Valuable VA Data Is… It Gets Stolen Again”

Subscribe: RSS Leave a comment
Franssu says:

This comes from a government willing to monitor each and everyone of its citizens, creating huge database full of confidential info about everyone.

And then, anybody’ll be able to know anything about anyone, just because the data is not protected at all.

But it’s election year, right ? Please someone reassure me and tell me you’ll put these frackheads out of office for good.

DreadedOne509 says:

Our Government? pffttt!

Our government is so awash in scandalous activities that they have no time to ponder the ramifications of their actions in Congress, let alone safe-guard our private information when it is so carelessly assembled and archived.

I would like to think we could vote some of these asshats that allow this to happen out of office, but they use buzzwords and misdirection to get people to look away from the important issues. Words like ‘national security’, safety et al. What a fricken joke, they can’t even ‘secure’ a fricken computer…

Leeland says:

Welcome home vets...

“Welcome Home…I just heard you went on a shopping spree while you were flying back…hope ya got some good deals :P”

It’s sad that this is happening to our vets (I’m in this boat too). I still can’t comprehend WHY anyone is allowed to take information out of the building. That was unheard of where I was stationed…and that was in the early 90’s.

Anonymous Coward says:

Maybe companies should try hiring REAL eomployees, who actually care.

I’m not knocking the contractors specifically, I’m one – but how are we expected to even care when we’re gonna be there for 90 days?

I still do my job, and I consider the company’s data security to be a part of that. While you’ll find many contractors with the same opionion – most certainly not all share that value.

Especially government contractors. They do 95% of the work while most of the Feds sit around, sleep in their offices, take days off, etc..

Maybe they’ll come looking for me now, but it’s the truth… I’ve been there 🙂

David Murphy says:

stolen sensitive information/i.d. theft

We all know that corporations and goverment agencies have spent billions trying to lock down sensitive data…and it walks out the front door on mobile devices. Most people just want to do their job. Every day we read about this data being lost, stolen or temporarily misplaced. What’s disturbing about this recent VA story is the data was stored on a contractor’s PC. Why? There is another way.

I’m the CEO of a web service company that offers users easy, totally secure, completely accurate, access to their information with a comprehensive tracking capability.

Knowing that we have worked out a secure way to access, store, share and track data leads me to believe these corporations and government agencies don’t really believe they have a prolem, that encrytion is the answer. No true. There’s another possibility…They don’t know how to fix the problem.

These problems are huge and we should all be very concerned.

Don Gray says:

Re: stolen sensitive information/i.d. theft


I’ll accept the “totally secure” description of your service. If your willing to suspend disbelief, so am I.

However, even assuming that you have created a secure environment for data ON YOUR SERVERS, IN AN ENVIRONMENT YOU CONTROL, what exactly does that have to do with the people who are accessing said information securely and placing a copy on their crappily secured laptop that they use to update their myspace site and surf porn?

It’s easy to take shots at the VA and other government agencies. Hell, I do it all the time. But to suggest that there is anything approaching a simple fix to the problems is disingenuous at best.

There are so many attack vectors and so much information managed so poorly by people who have little knowledge about basic security, and as you said are just trying to get their job done, that the fact that this doesn’t happen more often frankly amazes me.

David Murphy says:

Re: Re: stolen sensitive information/i.d. theft

Don Gray,

Instead of your negative posture laced with arrogance, you should be posing questions inviting intelligent dialogue or making suggestions rather than sitting on a pirch offering criticizm or at a minimum vacuous comments. If you have expertise in the security space, state a solution. This problem, enormous as it is, must be solved with a new paradigm. We will begin to offer responsible mobile professionals with another way to do business.

By the way, this problem affects financial institutions more often than government agencies.

Don Gray says:

Re: Re: Re: stolen sensitive information/i.d. thef

If they were responsible mobile professionals we wouldn’t be having half these problems.

A “totally secure” solution that works for responsible, sensible, security aware information workers is an awesome solution; IF YOU HAVE RESPONSIBLE, SENSIBLE, SECURITY AWARE information workers…

But they don’t. And the information owners are scarcely any better.

The PEOPLE are the problem.

People allow access to information that shouldn’t be granted.

People allow information that shouldn’t be removed from it’s secure strorage to be removed.

People allow unsecured machines to hold sensitive information.

People allow other unqualified people to responsible for the care and welfare of sensitive information.

People allow information to be obtainable and usable only in a decrypted form.

I think someone who is touting their mobile security platform (if that’s what it is) as the solution to all the VA (and financial institution) information-leaking-ills is the arrogant one.

Until there are real, painful consequences to the leaking of private information, it will continue. Pay each person $1000 everytime their information is leaked and I bet you see organizations start to take it seriously.

The cost of non-compliance must be much larger than the cost of compliance.

Nathan Kully (user link) says:

Are you serious!?!?!

Absolutely rediculous….

I am sick of using the “when will they ever learn…” phrases to describe what’s been going on with the VA lately, but this is absolutely inexcusable. There is no reason why the data on that desktop was not encrypted, I mean, did they learn a darn thing after nearly costing millions of vets their credit? I just can’t believe that Nicholson would allow this to happen yet again.

I can’t imagine how vets must be feeling seeing as their VA office constantly has let them down over the past few months. For goodness sake guys, how do you think the rest of the world looks at our veterans and military system these days. If this instance doesn’t teach you a lession to encrypt and not be dumb with data then I do not know what will…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...