This makes twice in 3 months that the VA has lost the personal information of our veterans. This time a PC was apparently stolen from the offices of a contractor (Unisys) who was doing insurance work for the VA.
See the story at SearchSecurity.com
I’d hat to be their CISO (if they have one)….that’ll be one hot seat. Here is a statement from Rep. Frank LoBiondo:
“I am angered and outraged that while our veterans protect our nation’s security, our nation is unable to protect their personal information. Twice in three months our veterans’ personal information is found in peril. Decisive action must be taken now to install the necessary security protocols and prevent future breaches.”
And the wheels on the bus go ’round and ’round……
–Chris
Technorati Tags: VA, lost data, identity theft
August 8th, 2006 at 1:57 pm
Chris, can you explain to me WHY they still refuse to encrypt their data. Generally after something tragic happens to a company they fix their issues so it won’t happen again. Mistakes are human, everyone makes them, but the key to being successful in the future is not making the same mistake twice.
If they just would have encrypted their data then they could be just fine with losing a laptop or even a desktop. I am sure Nicholson and his so called “security experts” have one foot out the door because like I’ve always heard…”once shame on you, twice shame on me…”
Thanks again for the info
Nathan Kully
August 8th, 2006 at 4:39 pm
Risk Mitigation. Many times you will find that companies feel it is more cost effective to clean up the mess than implement the controls / technologies that will help prevent these issues. There are a lot of variables here. Was it a VA laptop or Unisys laptop? What format was the data in and how did it get to Unisys? I dont know what the VA’s procedures / policies are regarding passing data to 3rd parties / partners.
We’ve not seen the end of this by a long shot.
Thanks Nathan.
–Chris
August 8th, 2006 at 5:38 pm
It’s real sad to hear that not only big companies but government agencies think this way about such large issues. It is especially sad that this agency thinks in such a cost effective way when it is dealing with people who served our country (including yourself).
Of course there are a lot of variables regarding this issue, however the VA has done a great job of keeping a lot of their issues to themselves…i.e. the 3 weeks it took them to report the issue, the 2 or 3 explanations on how they got the laptop back etc. So what I’m saying is while none of us know the VA’s procedures, I don’t think that they know them all that well either.
Sadly you are right, we aren’t at the end of this. Do you think that THIS issue will change their procedures to help protect them in the future?
Nathan
August 14th, 2006 at 6:43 pm
Apparently this was the proverbial straw. Check this out:
http://www.eweek.com/article2/0,1895,2003320,00.asp