VA searches for missing external hard drive

By SearchSecurity.com Staff 06 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The VA said Friday that a government-owned, portable drive used by an employee to back up data at a VA facility in Birmingham, Ala., had gone missing and may have been stolen.

The device, which may have contained personal information on as many as 48,000 veterans and research project data, was reported missing Jan. 22. According to The Associated Press, Rep. Spencer Bachus, R-Ala., said that as many as 20,000 of the records on the device were not encrypted.

In a statement, Secretary of Veterans Affairs Jim Nicholson said the VA's Office of Inspector General is working with the FBI to conduct a thorough investigation, and the VA's Office of Information and Technology is conducting its own investigation.

"We intend to get to the bottom of this," Nicholson said, "and we will take aggressive steps to protect and assist anyone whose information may have been involved."

The VA said it intends to notify affected individuals and offered to pay for a year's worth of credit monitoring for anyone whose information is compromised.

For the VA, the incident represents the latest embarrassment in a cavalcade of failed efforts to protect its sensitive information. In a widely publicized incident last May, the VA suffered the theft of a laptop and external hard drive containing personally identifiable information on 26.5 million veterans and active-duty military personnel.

The VA laptop was found approximately a month later and law enforcement officials believe that none of the sensitive data was even accessed by the thief. However, the VA's handling of the incident and slow response led to an internal investigation that resulted in a scathing report from the department's Office of the Inspector General.

Then in August, a computer with the personal information of as many as 16,000 U.S. veterans was stolen from the office of Unisys Corp., a contractor that was conducting insurance collections for the VA. Soon after, the VA announced a plan to have all its laptop computers use encryption technology within four weeks, with desktop computers soon to follow.

Tags: Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches At RSA Conference, experts dismiss end-to-end encryption claims Companies urged to share data breach information Mass 201 CMR 17: Basics for security practitioners FTC probes P2P corporate data leaks MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation No major PCI DSS revision expected in 2010 Data breach costs continue to rise in 2009, Ponemon study finds Chinese hacker attacks target Google Gmail accounts, top tech firms Facebook, McAfee partner to fix social network security issues Hacker pleads guilty to orchestrating Heartland credit card heist

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary