Wednesday, June 23, 2021

Report Reveals VA Breach Specifics

Veterans can breathe a little easier over the massive May data theft at the
Veterans Administration (VA).

The FBI and the VA’s Office of the Inspector
General (OIG) do not think the data on a laptop and an external hard drive
stolen from a VA employee’s home has been used for identity theft purposes, according to a VA report issued Tuesday.

The laptop contained no VA data, but the external hard drive included large
record extracts containing records on approximately 26 million living
veterans. The extracts contained Social Security numbers, full names, birth
dates and service numbers.

The FBI recovered the laptop and hard drive late last month.

“Based on all the facts gathered thus far during the investigation as well
as the results of forensics examinations, the FBI and the Office of the
Inspector General are highly confident that the files … were not compromised
after the burglary,” the report states.

The report concludes that the employee was authorized to take the laptop and
hard drive home, but he exercised “extremely poor judgment” when he decided
to take the personal information out of the office without encrypting or
password protecting the data.

The employee told the FBI and the OIG that the data he took home was part of
a “self-initiated” study.

“While the employee had authorization to access and use large VA databases
containing veterans’ personal identifiers … his supervisors and managers were
not aware he was working on the project,” the report states.

Had they been aware of the employee’s project, the report claims, the
employee would not have received permission to take the data home.

The report also concludes the VA did not respond in a timely or appropriate
manner when the employee reported the theft of the laptop and external hard
drive. Secretary of Veterans Affairs Jim Nicholson told Congress he was not
informed of the theft until two weeks after the fact.

“[The report] by the Veterans Affairs Inspector General reaffirms our
initial concerns that the Department was slow to react to the loss of
sensitive personal data,” Rep. Tom Davis (R-Va.), chairman of the House
Government Reform Committee, said in a statement.

Davis added, “The VA was fortunate — the police eventually recovered its
stolen data. Not all agencies are so lucky. And we can’t go forward hoping
for the same good luck in the future.

“The federal government must become a better steward of sensitive personal information.”

This article was first published on InternetNews.com. To read the full article, click here.

Similar articles

Latest Articles

3 AI Implementations That...

I was on a joint educational call for the World Talent Economic Economic forum on mobile computing this week. We drifted to topics that...

Survey of Site Reliability...

NEW YORK — Site reliability engineers (SREs) are warning of a looming scalability ceiling and saying the adoption of AIOps isn’t happening at a...

Druva Integrates sfApex to...

SUNNYVALE, Calif. — A maker of software for cloud data protection and management is helping companies safeguard essential customer data that their sales and...

Best Data Science Tools...

Data science has transformed our world. The ability to extract insights from enormous sets of structured and unstructured data has revolutionized numerous fields —...