Two days after the Department of Veterans Affairs (VA) acknowledged a data security breach involving a desktop computer, its second major data loss in three months, another government agency is reporting that one of its laptops was stolen.
Wednesday the Department of Transportation (DOT) said a laptop housing approximately 133,000 drivers' and pilots' records was stolen July 27 from a government vehicle in Doral, Fla. Personal data on 133,000 people may be exposed to identity fraud.
The agency is now sending letters to those whose information may have been compromised. In the letter, the agency said, "The laptop is password protected, and it is unlikely that the perpetrators stole it based on any knowledge of its data contents."
The department's inspector general's office said the laptop contained information from more than 80,000 commercial driver's licenses issued in the Miami-Dade County area. This included drivers' names, dates of birth and Social Security numbers.
According to published reports, the stolen computer also contained 42,800 records belonging to people who obtained pilot licenses from the Federal Aviation Administration in Florida, and 9,500 Tampa area drivers' licenses.
The agency said those who received a Miami-Dade commercial driver's license after April 2003, got a driver's license in Tampa after July 2005 or received a pilot's license after March 2003 were not affected, the Reuters news agency quoted the department as saying.
"We have taken action and will continue to take steps necessary to prevent this from happening again," Acting DOT Inspector General Todd Zinser said in a statement quoted by Reuters.
The inspector general added that a $10,000 reward for information leading to the recovery of the laptop has been posted.
The latest revelation comes two days after the VA acknowledged that another computer with the personal information of thousands of U.S. veterans had been stolen. In this case, a desktop PC containing data on as many as 16,000 veterans was stolen from the office of Unisys Corp., a contractor handling insurance collections for the VA.
In a statement, the VA said it believes the PC contains data on about 5,000 patients who received care at a Philadelphia medical center, and about 11,000 who were treated at a facility in Pittsburgh. The VA is investigating the possibility that the machine also has data on another 20,000 patients from its Pittsburgh facility. The data on the PC is believed to include Social Security numbers, names, addresses, dates of birth, insurance information, dates of military service and medical claim information.
Meanwhile, the VA announced on its Web site that it has entered into an agreement with ID Analytics Inc., a San Diego-based company, to provide free data breach analysis services to the VA. The deal is intended to ensure that information contained on computer equipment stolen in May from a VA employee's home wasn't compromised.
The stolen equipment, which was later recovered, contained personal data on 26.5 million veterans and up to 2.2 million active duty personnel.
ID Analytics will conduct the analysis across multiple industries to detect patterns of misuse and determine whether there is any suspicious activity specifically related to this computer equipment theft, the VA said.
"Protecting veterans from fraud and abuse remains an important priority for VA," VA Secretary R. James Nicholson said in a statement. "Data breach analysis will provide VA with additional assurances that veterans' personal information remains unharmed."