VA's Plan To Advertise Value Of Data Leak Worked
from the in-hindsight dept
Back in May, following the theft of one of its employee's laptops containing personal data on 50,000 veterans, the VA tried a new version of security-via-obscurity. It first said that chances where the thieves had no idea about the data, and probably just stole the laptop for its resale value. They then followed this up by doing their best to make them aware how valuable it was, putting up a $50,000 reward and pumping it up in the press. The FBI said at the end of June the machine had been recovered, and now, the thieves have been apprehended, and told police they didn't know they'd gotten anything more than a random laptop until -- yes, you guessed it -- the theft got publicized. Admittedly, companies or governmental groups in this situation are in a bit of a bind. They need to own up to people whose information they've lost that they are at risk, but should exercise a bit of restraint in putting the story out so they don't alert otherwise ignorant thieves to the real value of the computers they've stolen. Though undoubtedly any attempt at restraint is likely to be interpreted as a cover-up or ignoring the problem. The real solution, of course, is to prevent the data leaks. While the question of whether or not the data in the VA case is at risk seems to be answered, the bigger question remains: why did an employee have the personal information on 26.5 million veterans on a laptop, let alone at their home?