VA searches for missing external hard drive

Article

VA searches for missing external hard drive

An FBI investigation is underway to determine the whereabouts of a lost U.S. Department of Veterans Affairs external hard drive that likely held personal information on nearly 50,000 veterans.

The VA said Friday that a government-owned, portable drive used by an employee to back up data at a VA facility in Birmingham, Ala., had gone missing and may have been stolen.

The device, which may have contained personal information on as many as 48,000 veterans and research project data, was reported missing Jan. 22. According to The Associated Press, Rep. Spencer Bachus, R-Ala., said that as many as 20,000 of the records on the device were not encrypted.

In a statement, Secretary of Veterans Affairs Jim Nicholson said the VA's Office of Inspector General is working with the FBI to conduct a thorough investigation, and the VA's Office of Information and Technology is conducting its own investigation.

"We intend to get to the bottom of this," Nicholson said, "and we will take aggressive steps to protect and assist anyone whose information may have been involved."

The VA said it intends to notify affected individuals and offered to pay for a year's worth of credit monitoring for anyone whose information is compromised.

For the VA, the incident represents the latest embarrassment in a cavalcade of failed efforts to protect its sensitive information. In a widely publicized incident last May, the VA suffered the

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

theft of a laptop and external hard drive containing personally identifiable information on 26.5 million veterans and active-duty military personnel.

The VA laptop was found approximately a month later and law enforcement officials believe that none of the sensitive data was even accessed by the thief. However, the VA's handling of the incident and slow response led to an internal investigation that resulted in a scathing report from the department's Office of the Inspector General.

Then in August, a computer with the personal information of as many as 16,000 U.S. veterans was stolen from the office of Unisys Corp., a contractor that was conducting insurance collections for the VA. Soon after, the VA announced a plan to have all its laptop computers use encryption technology within four weeks, with desktop computers soon to follow.