VA data files on millions of veterans stolen

http://www.gcn.com/online/vol1_no1/40840-1.html?topic=3Dsecu rity

Login | Register
Search GCN GCN Quickfind GO

=B7 Print Edition
=B7 eNewsletters
=B7 First Take
=B7 Tech Blog
=B7 Defense Systems
=B7 FOSE
=B7 Government Leader
=B7 Washington Technology
GCN Home > web stories
05/22/06 -- 11:09 AM
VA data files on millions of veterans stolen

By Mary Mosquera, GCN Staff
Story Tools: Print this | Email this | Purchase a Reprint | Link to
this page
VA Statement

=B7 Latest Information on Veterans Affairs Data Security
More on this topic from GCN
Other data security breaches

News that the personal information of 26.5 million veterans has been
stolen from an employee of the Veterans Affairs Department is the
latest example of just how tenuous personal data security can be.
VA's latest loss is one of the largest in government to date. Here
are some others:
August 2005 The Air Force notifies more than 33,000 airmen that much of
their personal information was stolen from the online Assignment
Management System. Air Force Personnel Center officials at Randolph Air
Force Base, Texas, alerted service and federal investigators to
unusually high activity on a single user's AMS account in June. While
the investigation is continuing, AFPC spokeswoman Lt. Col. Michele
DeWerth said a malicious user illegally acquired a legitimate user ID
and password and used them to gain access to officers' individual
information. Only a handful of noncommissioned officers were affected,
she said.
June 2005 In early 2004, someone accessed current and former Federal
Deposit Insurance Corporation employee personal data without
authorization. That data included names, dates of birth, salaries,
Social Security numbers and length of service. Officials discovered the
problem in March and sent letters to those affected. In the subsequent
investigation, the FBI found that data of all FDIC employees and former
employees has been stolen.
February 2005 The Bank of America Corp. lost data tapes containing
personal information on 1.2 million federal charge card holders. The
bank acknowledged that it could not locate magnetic tapes used for
federal credit card accounts. The tapes, which contain records with
such details as employees' names, addresses and Social Security
numbers, first went missing in December.
-Jason Miller


(Updated) The Veterans Affairs Department today revealed that personal,
identifying data for as many as 26 million American veterans was stolen
from a VA employee's home in May.
The information is a list of all veterans who served in the military
and were discharged since 1975.
A VA employee took files home as part of department work on a data
collation project to simplify some VA processes. Subsequently, someone
broke into the employee's home and stole the data. The career
employee, a data analyst, was not authorized to take the files home,
said VA secretary Jim Nicholson in a teleconference with reporters.
He would not say what form the data was in.
The data analyst, whom VA would not identify, has authority to access
the information for his job but did not follow procedures to safeguard
the data. He has been put on administrative leave pending the outcome
of the investigation, the secretary said.
"We do have people that telecommute. We have a system of policies and
controls that are in place and operating, and this person violated
those," Nicholson said.
The veterans' personal information that was compromised included
names, Social Security numbers and dates of birth. The data contained
no medical or financial information, but there may be disability
numerical rankings, he said.
"Considering the pros and cons of going public, we've decided to
come down on the side of making veterans aware. There is no indication
that any unauthorized use is being made of this data or that they (the
burglars) know that they have it," he said
The FBI, VA's inspector general and local law enforcement are
investigating the theft. Investigators believe the burglary was random
and not targeted for the VA information. Several thefts have been
reported in the community. The secretary would not pinpoint exactly
when the robbery took place, only that it was sometime this month.
Nicholson has taken initial steps inside and outside government to
alert veterans and improve data security. He has briefed the co-chairs
of the President's Identity Theft Task Force, which is charged with
better securing government-held personal data. Attorney General Alberto
Gonzales and Federal Trade Commission chairwoman Deborah Majoras lead
the task force and he will confer with them today in a previously
scheduled meeting.
"This will be the number-one topic," he said.
Other steps he has taken to alert veterans and tighten security
include:

* VA has established a Web site to inform veterans.
* VA is notifying veterans, including checking with the Social Security
Administration and the IRS for correct addresses.
* VA will conduct an inventory of those with access to sensitive VA
data and possibly ask the FBI for background investigations depending
on the level of access and responsibilities.
* VA will accelerate the requirement that all employees complete a
cybersecurity training course to June 30 this year.
* VA employees will have to sign an annual statement of their awareness
of privacy and security responsibilities and consequences of disclosing
personal information.
*

Originally posted at 12:09 p.m. and updated at 3:18 p.m.



More news on related topics: IT Security, Policy / Regulation
Enhancing Secure Communications within the Military
In a war-time environment, seconds count, so real-time collaboration is
paramount. Learn how a secure collaboration solution can aid relief
efforts, military training, communications between military personnel
and more.
Source: VIACK Corporation | Posted: 4/8/2006
MARKETPLACE Products and services from our sponsors
Symantec Yellow Books
Effectively manage email environments. Download IT intelligence Now!
Want to know your CIS security score?
The CIS has developed detailed IT security benchmarks which will help
make your computer more secure. Click here to download the Belarc
Advisor which will automatically show you how secure your system is
compared to the CIS benchmark configurations.
SEC & HIPAA IM Compliance
Satisfy regulatory and compliance requirements for instant messaging.
Don't Leave Your Workstation Without It!
...Your CAC! The DoD CAC and Federal Smart Card mandates are upon us!
Before HSPD-12 leaves your users frustrated and your networks
vulnerable, Leash 'Em! The CAC-Leash from HyperDog Technologies!
Something you SHOULD have. Something you know!
Ruggedized Flash Drives
The only Flash Drive designed with the environment in mind. The
Winstation Compact Flash and 2.5" Solid State drives are ruggedized to
withstand just about anything you can throw at it. Extreme Heat and
Cold, Water resistant and shock proof.
View more products and services...
Buy a link now



Most Read Articles on GCN.com
Past 24 hours | Last 7 Days | Last 30 Days
Quick to the core(s)
Auditors: DHS should spur use of critical infrastructure data
OMB to spell out financial LOB process
A sharp eye for details
First responders in a jam?
Go to complete list
Most Read Articles on GCN.com
Past 24 hours | Last 7 Days | Last 30 Days
OPM finally gets rolling on a new retirement system
DHS to develop biosurveillance system for pandemic
Quick to the core(s)
TSA does about-face on TWIC
OMB to spell out financial LOB process
Go to complete list
Most Read Articles on GCN.com
Past 24 hours | Last 7 Days | Last 30 Days
Web interactions are six to 10 years away, feds say
GAO questions digital battlefield plan
Beat The Clock
Letters to the Editor
House, Senate divided on plan for DOE spin-off
Go to complete list
Most E-Mailed Articles on GCN.com
Past 24 hours | Last 7 Days | Last 30 Days
OPM finally gets rolling on a new retirement system
When data centers lose their cool
Agencies are enlisted to help lobby Congress for more support of e-gov
AF puts its money on modernization
How to chill out
Go to complete list
Most E-Mailed Articles on GCN.com
Past 24 hours | Last 7 Days | Last 30 Days
OPM finally gets rolling on a new retirement system
When data centers lose their cool
AF puts its money on modernization
Agencies are enlisted to help lobby Congress for more support of e-gov
In the know-knowledge management software
Go to complete list
Most E-Mailed Articles on GCN.com
Past 24 hours | Last 7 Days | Last 30 Days
TSA at odds with DHS IG over audit
Blade servers: Cutting edge
People on the move
IRS struggles to take next step in E-filing
Agencies shore up as hurricane season looms
Go to complete list


Government Enterprise Messaging Management

This paper discusses how agencies can manage the lifecycle of email
applications while bolstering security and availability of information.
Click here to download.

Source: Symantec and DLT Solutions, Inc. | Posted: 5/2/2006



Home | About GCN | Contact GCN | Customer Help | Privacy Policy |
Careers | Editorial Info | Advertise | Link policy / Reprints |
Site Map