Sunday, June 04, 2006

Update on stolen VA personal information

As reported here, "Personal information on 26.5 million veterans that was stolen from a Veterans Affairs employee this month not only included Social Security numbers and birthdates but in many cases phone numbers and addresses, internal documents show."

Well, isn't that just peachy.

"Meanwhile, VA Secretary Jim Nicholson said Wednesday that he had named former Maricopa County Attorney Richard Romley of Arizona as a special adviser for information security, a new three-month post that will pinpoint security problems at the VA and develop recommendations for improvements."

You'd think that in these days of rampant identity theft, that someone would have thought about this, and had the intelligence to do something before something like this had happened. This sounds like a case of closing the barn doors after the cows had left. But, we are talking about a government agency here.

"The three pages of memos by the VA, written by privacy officer Mark Whitney and distributed to high-level officials shortly after the May 3 burglary, offer new details on the scope of one of the nation's largest security breaches. The memos were obtained Wednesday by The Associated Press.


They show that a file containing 6,744 records pertaining to "mustard gas veterans" -- or those who participated in chemical testing programs during World War II -- was breached, and that a "short file" with as many as 10 diagnostic codes indicating a veteran's disability also was stolen.

At the same time, however, the memos suggest that the data might be difficult to retrieve by thieves.

"Given the file format used to store the data, the data may not be easily accessible," stated one memo dated May 5 and distributed internally May 8."

Mr. Whitney is obviously living in the land of wishful thinking if he believes that someone out there who may now have access to the laptop won't be able to de-code the information, or know someone who can. Mr. Whitney, this is the technology age. People know how to do things with computers. Just because you apparently can't figure that out, doesn't make it not so.

"On Wednesday, the VA did not say why it didn't immediately reveal that personal information such as addresses and phone numbers had been disclosed."

Let's see ... after admitting that they, the VA, got stupid for allowing a person to take a laptop home with them that contain sensitive information which was then subsequently stolen, the VA also doesn't add that personal addresses and phone numbers were part of the data. The VA got "stuck on stupid", and apparently so did AP "reporter" Hope Yen, since she couldn't seem to figure out why the VA didn't own up to that little tidbit of information. Oh, and Hope? The information, according to Mr. Whitney, hasn't been "disclosed" yet, although that should happen any day now, when the thieves manage to figure out how to retrieve the data.

"The House Veterans' Affairs Committee is planning to hold several additional hearings on data security and veterans' benefits later this summer."

We need some concrete solutions to come out of those hearings, to prevent the VA from being "stuck on stupid".

Here's a further update on
what veterans can do to protect their credit information.

No comments: