Tuesday, May 23, 2006

26.5 Million Veterans Compromised in Data Breach

Data breaches seem to be a weekly occurrence. Now we can add 26.5 million veteran's personal information to the list.

With as many times as this has happened, it never ceases to amaze me that much of this information isn't compromised by criminals with advanced "technical knowledge." In this case - as in many others - it appears the information was on a laptop and was stolen by a home burglar. In other words, 26.5 million people, who served their country have been compromised by a petty criminal.

The Privacy Rights Clearinghouse keeps track of these ongoing data breaches, which can be viewed, here. When you add them all up, it's pretty scary.

Here is the statement from the Department of Veterans Affairs:

The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies.

This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General's office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they posses or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.

The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that those veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Veterans can also go to http://www.firstgov.gov/ as well as http://www.va.gov/opa/ to get more information on this matter. The firstgov web site is being set to handle increased web traffic. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll-free number is 1-800-FED INFO (333-4636). The call center will be open beginning today, and will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed. The call center will be able to handle up to 20,000 calls per hour (260,000 calls per day).

Recently, I did a post, where another laptop (government) was compromised:

Laptop Loss Exposes U.S. Marines

It amazes me that in the "Age of Compliance," our information isn't better protected. Another thing that amazes me is that "experts" are assuring the public that there is a very small chance this information will be used for identity theft. I supposed that this is based on the premise that the "crook" merely wanted to steal the laptop.

My thoughts are that either the crook stole the laptop for the information, or has now likely discovered (via all the attention this has raised) exactly what they have.

No comments: