Data on a VA laptop stolen May 3 from an analyst’s home may also include records on as many as 1.1 million active-duty military personnel, 430,000 National Guard members and 645,000 Reserve members, constituting nearly 80% of the active-duty force. Some of those records included information about active-duty personnel’s spouses and family members. These records could be used to target military members deployed overseas or their families at home.
Early reports had said that National Guard troops were not affected by the theft.
Former Republican National Committee Chairman and current Veterans Administration Secretary Jim Nicholson may have been “mad as hell” over the theft of 26.5 million records containing sensitive personal information during testimony before Congress, but he shouldn’t have been surprised when the security disaster occurred, given that his organization’s lax security has been a matter of public knowledge since shortly after he began his tenure.
While Nicholson kept referring to only the most recent lapse in security involving a single employee, Sen. Susan Collins (R-Maine), chair of the Homeland Security and Governmental Affairs Committee, indicated there was plenty of blame to go around, saying, “You seem to be saying it was just one employee. But it’s not just one employee. You have a high-risk vulnerable system that has been identified time and again as vulnerable.”
Several members of the committee chastised Nicholson for failing to repair a badly mismanaged information systems department that had been identified as such by its own attorney general in frequent reports to Congress. Every year since 2001, the VA’s Inspector General has reported to Congress that its “material weakness” put information security at great risk.
During testimony on the theft in the House, Rep. Bob Filner (D-Calif.) said, “In the last five years, a host of agencies have reported that the VA has had many problems with information security. How did the VA react? With indifference.”
The cause of the security lapse was a lone data analyst who, since 2003, had been taking the names, birth dates, disability information and Social Security numbers of veterans home on his laptop computer, without permission and apparently without so much as simple encryption. On May 3, while the laptop was left unattended in the employee’s Aspen Hill, Md., home, it was stolen during a burglary.
The next morning, the data analyst informed his supervisors, who then proceeded to conceal the information until May 10th, when another VA employee overheard talk of the burglary and subsequent data loss during a routine meeting. Deputy Secretary of Veterans Affairs Gordon Mansfield was then informed of the data theft, and he, in turn, asked VA Chief of Staff Tom Bowman to investigate. However, VA Inspector General George Opfer wasn’t informed of the breach until May 16th, nearly two weeks after the theft. Secretary Nicholson, also informed on the 16th, called in the FBI to investigate the next day. The FBI went public about the theft in an announcement on May 22nd, nearly three weeks after the burglary.
Montgomery County, Md., police agencies have asked anyone purchasing a used Hewlett-Packard laptop or hard drive to notify them immediately, while the VA has begun a massive mail and public relations program designed to notify all 26.5 million veterans affected of the theft and how to best protect their credit. The program is expected to begin at a cost of $10 million, with Nicholson’s prediction that the program could ultimately cost tens of millions more.
The employee who caused the largest personal data security breach in U.S. history is still on administrative leave and is cooperating with officials; he expects to be fired once his services are no longer required. Several VA employees have resigned or been placed on administrative leave, and Democrats ranging from Sen. Patrick J. Leahy of Vermont to Rep. Filner are calling on Nicholson to resign.
White House Press Secretary Tony Snow said that Nicholson continued to serve with the President’s support, and Nicholson now says that he is conducting a comprehensive review of security procedures to ensure this never happens again. He is also requesting an additional $25 million to upgrade the organization’s security measures.
Adding insult to injury, several veterans’ groups have joined together to file a class-action lawsuit claiming that veterans’ privacy was violated and asking for $1,000 per veteran, totaling $26.5 billion.
All because some geek didn’t want to work at his desk.
Sean
Jun 08, 2006
How in the world does Nicholson still have a job? Ultimately the whole mess falls on his shoulders, and he was ultimately responsible for the security policies.
I don’t see how suing the VA is going to help, since the damage is already done. $1,000 doesn’t fix a damn thing, and it’s taking money away from the VA, which is used to support veterans. Could it be that some people see this as a chance to make a little free cash? Nah… couldn’t be.
Jun 11, 2006
Stand-down at VA to tighten laptop security - Homeland Stupidity
Chad
Jun 13, 2006
So what, we would receive an extra $1000. It shouldn’t come from the VA but from Uncle Sam. The tax breaks on the rich would probably cover that anyway.
If our data is used to destroy our credit, that is way more damage than $1000 could even think about covering. I have read it takes some poor folks years to correct their credit and finances, etc., after this type of theft.
Some morons need to be fired, policies need to be changed today, not next month or next year.
dbg
Jun 17, 2006
I’d like to join the class action suit. The money isn’t the issue. Accountability is.
I’d like to see all senior administrative personnel in the VA swing from a tree for this. The offending employee should be IN JAIL. Maybe even for treason. This is a national security issue.
GW’s precious Homeland Insecurity Department is a joke, but they could finally use those Patriot Act provisions to prosecute the incompetents at the VA.
Jun 22, 2006
26,000 USDA employees warned of personal data theft - Homeland Stupidity
Jun 23, 2006
FTC laptops stolen; 110 to be notified of personal data theft - Homeland Stupidity
Jun 24, 2006
Personal data for 28,000 Navy personnel found on public Web site - Homeland Stupidity
Jun 27, 2006
GAO discloses personal data breach - Homeland Stupidity
Jun 29, 2006
Stolen VA laptop recovered; no identity theft reported - Homeland Stupidity
Aug 07, 2006
VA contractor computer with personal data stolen - Homeland Stupidity