Wednesday, May 24, 2006

The VA Data Breach is a Symptom of a Bigger Problem

26.5 million identities of our veterans have been compromised, and the official spin is that the risk of identity theft is minimal.

The waters are still "murky" and I'm not sure what other valuables were at this mid-level computer analyst's home, but the media is reporting that the equipment - consisting of a laptop, external hard drive and some disks - were the only items taken.
Being that I'm one of the 26.5 million compromised - on a personal level - I'm worried. To me, it doesn't make sense that the only things taken were the very items that had "information potential."
It is also now being reported that it took two weeks for the Veterans Administration to report the incident to the FBI. If this is true, is it incompetence; or a deliberate attempt to cover-up the facts?
But, should we be blaming the VA for not reporting this for two weeks? After all - in the recent debit-card breach - Visa and Mastercard knew of the problem a couple of months before it was disclosed. Even now, the information that was reported (by those breached) seems to be the bare minumum.
According to the Privacy Rights Organization, which has monitoring these breaches, almost 82 million Americans have had their identities compromised. You can view their chronology, here.
Note that in some of the breaches, the number was unknown, therefore the actual number of people compromised might be higher.
Meanwhile, the House Commerce Committee is rushing to vote on the Financial Data Protection Act of 2006 and the House Judiciary Committee is scheduling a vote on the Cyber Security Enhancement and Consumer Data Protection Act.
There are a few flaws (my opinion) in the current legislation. The new laws will allow companies, institutions and organizations to decide - via an internal investigation - whether disclosure is warranted, and gives them 45 days to report it if there is a "reasonable risk" of identity theft.
If we look at this from a historical perspective (organizations reporting themselves), we are in a lot of trouble.
Critics claim this federal legislation has been "watered down" by special interest groups. Rushing this legislation through might not serve the best interests of the people. In fact, some might speculate that those (who watered it down) are using the "VA breach" to push it through before the public sees the flaws.
82 million people might send a powerful message to our "elected officials" in the upcoming election. The message is there are a lot of us tired of seeing millions of people victimized and nothing (effective) being done about it.
To my fellow veterans, who have been compromised, here is a link from the Privacy Rights Organization about this compromise and where to get help.


T.L. Stanley said...

Good post.

Tammara Garland said...

It's shocking, yet no surprise that criminals breached private information within a US government entity. It is especially sad that the privacy and identity of our military service men and woman has been breached. They graciously serve our country to protect us, yet the government seems to lack the ability to protect them. We need laws that supercede technological advances, not laws that are lagging far behind technology. The politicians need to stop bickering over their differences, and get on top of the game to implement stronger identity theft laws! I thank God for the US Military, and for our freedom, and I'm very sad to hear of this crisis! As a daughter of a WWII Navy Veteran I don't take the fight for freedom lightly. It is a shame the government has apparantly done a second-rate job in protecting our first class servicemen and woman!

Anonymous said...

What media sources are reporting that these were the only items taken?

Also, according to the VA, this individual was a Senior Data Analyst with over 30 years of service, not exactly what I'd call "mid-level"