VA's Plan To Advertise Value Of Data Leak Worked
from the in-hindsight dept
Back in May, following the theft of one of its employee’s laptops containing personal data on 50,000 veterans, the VA tried a new version of security-via-obscurity. It first said that chances where the thieves had no idea about the data, and probably just stole the laptop for its resale value. They then followed this up by doing their best to make them aware how valuable it was, putting up a $50,000 reward and pumping it up in the press. The FBI said at the end of June the machine had been recovered, and now, the thieves have been apprehended, and told police they didn’t know they’d gotten anything more than a random laptop until — yes, you guessed it — the theft got publicized. Admittedly, companies or governmental groups in this situation are in a bit of a bind. They need to own up to people whose information they’ve lost that they are at risk, but should exercise a bit of restraint in putting the story out so they don’t alert otherwise ignorant thieves to the real value of the computers they’ve stolen. Though undoubtedly any attempt at restraint is likely to be interpreted as a cover-up or ignoring the problem. The real solution, of course, is to prevent the data leaks. While the question of whether or not the data in the VA case is at risk seems to be answered, the bigger question remains: why did an employee have the personal information on 26.5 million veterans on a laptop, let alone at their home?
Comments on “VA's Plan To Advertise Value Of Data Leak Worked”
Does it BELONG to the VA or are you saying VA is?
Re: Does it BELONG to the VA or are you saying VA
It belongs to the VA…
Re: Does it BELONG to the VA or are you saying VA
Ralph’s comment clearly illustrates a key factor;
Ralph’s an idiot.
To end on a kind note, hopefully Ralph’s preparing for his epic journey into middle school as the freedom of summer draws to a close (or even lower on the totem pole, from one who still has at least a faint bit of belief in the educational system).
Maybe because he’s an idiot? From what I read, he was apparently working on some sort of “vanity” project, trying to validate the results of a survey.
Ralph with the itchy trigger finger
Sir, with all due respect, it is correctly: the plan that belongs to the VA. In other words, the VA’s plan.
Just as written originally.
No apostrophes were harmed in the making of this post.
While the employee might have been an idiot the real blame rests with the VA who never should have allowed such data to be contained anywhere but a secure server.
3.5 months later...why now?
I can’t say this enough, if that data was encrypted we wouldn’t have to listen to any more BS about this issue. I am sick and tired of hearing different information on this stupid laptop, yes the VA was dumb and let this information get out, but this has to be at least the 3rd or 4th different story on how they got it back.
First it was claimed that someone turned in the laptop that he bought from the back of a truck when he saw the $50,000 reward. Now they are saying that there was a tip that allowed the government to somehow get the data back…oh and they’ve yet to specify exactly how they got it back on June 28th. Get your story straight because I am having trouble believing a darn thing that the government announces these days.
Re: 3.5 months later...why now?
I totally agree. But encryption or no encryption, there’s no reason that information should have even been on a laptop.. let alone, allowed to leave the building. I understand people want to telecommute or whatever, but when you work in certain positions handling sensitive, confidential, or even secret information, there’s no way that should even be an option. The exception being someone like the head an agency with some kind of security detail, or security procedure. Other than that, everyone else needs to bring their ass to work.
VA = Vaginal Atrophy
VA still means the State of Virginia to most people. Is it soooo hard to type Veterans Administration? You’re not in the military (obviously they’re incompetent too), so write a friggin’ article AND SPELL S**T OUT YOU MORONS! I’m tired of acronyms with multiple meanings. There is too many. Don’t contribute to the madness and stupidity. Keep it up and I’ll cut the phone line to your mobile home when you’re busy screwing your father’s best goat.
Re: VA = Vaginal Atrophy
Actually, Virginia is a Commonwealth, not a state.
“There is too many” is not correct either, so before you jump on someone else’s ‘mistakes’ you should correct your own, Joe.
Re: Re: Virginia not a state?????
Virginia is too a state. You can’t count to 50 stars on our flag without it. However, a few of the southern states (including Virginia) do use the term “commonwealth” as a title of the state. But it’s still a state. The only actual commonwealths around the USA (by dictionary definition) are places like Puerto Rico and the Northern Mariana Islands, which are stand-alone territories voluntarily related to the USA, not states under direct USA control.
Info source: http://encarta.msn.com/dictionary_1861599003/Commonwealth.html
I think maybe you should take your own advice and a do a little research so you can come up with an intelligent response instead of just mouthing off like you know everything and then end up being wrong.
Re: VA = Vaginal Atrophy
That has to be the stupidest comment I have read! The most constructive comment you made was the period at the end of the sentence. Next time you think you have something important to say just go ahead and bang your head against a wall. Better still cover your nose and mouth, cross your legs and fart. Maybe that will clear your mind. In the meantime here are a couple of other acronyms you might like. Sorry I didn’t spell it out, thought maybe you can sound them out for yourself.
F.U. A.H., M.F.P.
#7 VA = ?WHAT?
This is TechDirt. Stories and matters about technology.
Technology as well as the military use nothing but acronyms.
I’m quite certain that once a person recognizes the context, the use of the acronym becomes clear. It may be unclear to those unintiated to the story.
I never questioned the acronym yet I imagine sthat there are people who question it. Perhaps if the contributor at least writes the entire reference once in parentheses to eliminate any doubts.
Re: #7 VA = ?WHAT?
The VA (which may be headquartered in VA) could have avoided the widespread AV coverage of this if the VA had performed a proper VA on the data storage methods in general and this laptop in particular.
Lexis Nexis shows no reference to Nessus with this story.
I don’t know why I cared enough to post this, but Virginia is a state. Get over yourself.
Umm… that Article says VA is a Commonwealth…
Re: Re: Re:
Go easy on him…he’s from New Jersey.
Wait, this isn’t a story about a Vein Assknocker? Shoot.
Virginia is a state, period.
“Commonwealth” is just a fancy title. As you can see, it dates way back. Just try counting the stars on our flag without Virginia and see if you make it to 50. Virginia is a state that just happens to refer to itself as a commonwealth at times. By dictionary definition, every state in the USA can be considered a commonwealth, but they are still states. For that matter, the USA as a whole could be called a commonwealth.
I think a more accurate usage of the term would be for places like Puerto Rico, which are associated with the USA but are not states. For info on this, see below:
Oh look, more missing VA data.
Actually, it’s a state with “commonwealth” in its formal name. To quote Fight Club, “Putting feathers up your butt does not make you a chicken.” The People’s Republic of China is hardly a republic, and whatever Virginia might like to call itself, to qtfa:
“Four of the constituent states of the United States officially designate themselves Commonwealths”
They are states, which formally designate themselves as commonwealths … but states, nonetheless.
the VA by any other name is just the same.
Why are people so quick to judge other people’s writing. The whole purpose of writing, talking, or even gesturing is to communicate a certain point. And during that communication, it is assumed that every participant, or in this case– every reader on this site, is on some basic level of general knowledge, and shares a common interest. Granted, the author should have spelled out Veterans Administration the first time he used it in the article, followed by “(VA)”, as we all learned in school. But as someone mentioned, this is a tech site. And we’re all here as techies, not literary bards. The point of the article surrounds key words such as– stolen. data. government. veterans. laptop. security. recovered. NOT “VA”, “the VA”, or “the VA is”. Let’s try to get over ourselves. One other thing while I’m on this soapbox: People work, people are preoccupied, people are tired, or whatever the case may be. So we’re all prone to misinterpreting things regardless of how smart we think we are. A coworker with a Masters degree who works the night the shift with me was reading an article aloud to the rest of us on night. She was feeling so smart and confident, probably congratulating herself on how fast she was reading and how intelligent she sounded when she came across the word “indicted” (in-DIE-ted). She mispronounced it– “inDICKted” and we all busted out laughing….including her when she realized the brain slip.
Easy on Ralphie you guys.
What if he’s like the Ralphie on the Simpsons, he’s probably sincere yet misinformed.
Even though I live in VA and have basically nothing to do with the V.A., it seemed easy enough to figure out which this meant.
On the actual topic: It is extremely difficult to control the copying of business data by employees. Although anything can be hacked, encryption makes it more difficult to use data on a stolen device or removable media. I suppose this well publicized incident will influence many organizations with sensitive data to evaluate the effort of doing this vs. the risk of not doing it.
Commonwealth vs. State
So…is a tomato a fruit or a vegetable? And once it’s turned into pizza sauce, does it really f’ing matter?
On to the article! I think on balance, putting out the word is a good thing. Data leaks, even if all the best security policies are in place, will most certainly happen. It’s better to be (or even just appear) serious about the matter than just hoping nothing bad happens.
Just like individuals making software security leaks public alerts hackers of an exploit, it also puts pressure on the company to fix the problem. Embarassing mistakes are only bad news if you don’t fix the problem.
The VA can come out of this more secure, where if they had not said anything, they probably wouldn’t change the culture that brought it on in the first place.