Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


VA Recovers Stolen Laptop



 By: Matt Hines
2006-06-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The government agency said it has regained possession of the missing laptop containing the personal information of 26.5 million veterans at the center of its data breach controversy.

The United States Department of Veterans Affairs is reporting that it has recovered the stolen laptop computer believed to be carrying the personal records of 26.5 million former and current servicemen that touched off a firestorm of debate over the governments data handling policies.

A Veterans Affair spokesman confirmed to eWEEK on June 29 that the agency had somehow gotten its hands back on the stolen machine and an external hard drive that was also taken, while not offering any details as to how the devices were returned. Veterans Affairs Secretary Jim Nicholson also confirmed the recovery to reporters in Washington.

"The department and the secretary are encouraged by this development, and it is certainly good news for veterans," the VA spokesman said. "The secretary is still committed to moving the VA forward and putting policies and procedures in place to ensure that this doesnt happen again."

The government had been offering a $50,000 reward for the laptops return, but the spokesman could not confirm if the sum would be paid out as a result of the laptop recovery.

Resource Library:

The situation began when a contractor working for the VA had his Maryland home robbed after taking the computer and an external hard drive out of the office to do work. The employee reported the loss of the laptop and accompanying hard disk to police and to his supervisor as soon as the theft was discovered, but that fact was not made available to higher levels of management until weeks later, at which time it was first reported publicly.

According to documents submitted as part of a class-action suit filed as a result of the data breach, it became known that the VA employee had been taking the personal information home routinely for at least three years, and that he had at some point been given permission to do so.

As a result of the fallout from the laptop theft, Nicholson announced several major initiatives to be undertaken by the VA in the name of preventing similar incidents. As part of the effort, every laptop computer in the Department of Veterans Affairs will be required to be returned to IT security personnel for a review to ensure that all security and virus software is current. At that time, personnel will remove all unauthorized information or software.

The VA announces new security measures. Click here to read more.

In addition, Nicholson ordered that no personal laptops or other computers would be allowed to be connected to the VAs VPN or to perform any sort of official business. In addition to recalling all laptops for their security audits, every VA facility will have a "security stand down" the week of June 26.

During previous tests conducted by auditors seeking government agency compliance with the Federal Information Security Management Act, the VA repeatedly earned a grade of F for its security policies security. However, the U.S. Department of Agriculture, Internal Revenue Service and Social Security Administration have also recently reported missing or stolen laptops, but the data losses in those incidents were much smaller than the VAs massive data breach.

Claiming that the Veterans Affairs Department had "flagrantly disregarded the privacy rights of essentially every man or woman to have worn a United States military uniform," two separate veterans groups filed a massive class-action lawsuits againt the agency. One of those suits asked that the courts prohibit the VA from handling any personal, privacy-protected data except under court supervision, and requested that the court create a set of "consensus minimal security standards" under which the VA can operate. The suit also asks for damages of $1,000 for every person listed in the missing database files.

Click here to read more about the lawsuits.

The suit goes on to say that the "VA arrogantly compounded its disregard for veterans privacy rights by recklessly failing to make even the most rudimentary effort to safeguard this trove of personally identifiable information from unauthorized disclosure."

Douglas Rosinski, the plaintiffs attorney in one of the two cases being brought against the VA, said that the laptop theft and potential data breach were the result of a system of negligence at the VA where workers ignored existing policies put in place to protect veterans personal data.

"Even though the federal government has been after the VA to do something about this for years, its clear they felt they could thumb their noses at the existing regulations," said Rosinski. "This wasnt an issue of ignorance; it was an issue of people who refused to improve data security policies even when told to do so."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: VA Recovers Stolen Laptop
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


xr㶲(;; YڦxHS%ƶ,xWDHbL\$e[K?Kg<xӅ|8'cK@7Fw?I9stô1f%St[D;;?.P|gSo92pt;'=r:;{'׼ ;Aڼ+ N7Rߙ0QT&*rp8M2A pbCG,Bs.oVs+~ASC TIna>E4b™EU}dvה-^m^:A,3SAT4 ̠K`W:+9jq}Ҽ~n_4;]rҹ"qřyN0p3 Z_Zv`CK'^C"A<0MߑҾ#3\$.?IN±,7{M0o-Yn]H.)ޕ|T|Y|ěy#0ri4(߆A@w[@k+UykA 43@_x0ND=3okcfMr,eg{0@M)61p9k 3!RBʼĿIK _VPJB-)\D7h+Ԍ$ٛ"Gn;z̈_"ʥep1S{.sh>pY?vwެ,U*մީ-~iQw9~j>]{ٹvym|hǫg",$ ꨦU,V𢲯*@8ʍ??1m!S[ö@ .S3+{~L>CZC>/=Sjimvi(|I}ѦޡR?5}81 @ LNa 8 V83 tCuәݰ=Wԇ9[i`I l"v|3c)м`yn`25C?F{t t,/G`\@Z8`$8ʼ E]q2g>o  ޜꦥL L<ģlH w (~9-WR;C/0tSt5nVAL  |U=kb$`~f =DyBfOx;r+kF3UʝWRVy'g)WNyVc$C V6_2-ӧO)Esr:w'e?~uVkC{ց$l J=Ұ.Z*X![r5}a׼6F]RZRKHD,Pc/X +ezdyM2&Iok7}SsdR6qwbQ54 )Kˌ7V-iV9ԴrX,y| ,D0(2n( R&a+\ڨ N`Oci9EzG'zcw@>`3әǟGRlC28c"4)>A TXäԪ)X[*~2.Q &V,'`#zsұSŅeliQ=i-);ECI_('Wy+Uu>cCLmRGE}BuߴIFʫ%efn!lX.)Ui?O~5<2eX]2XrFe9wٔAun\Ip]t%rnڳh& 'zqDe˜,Za秺 #ؚyE_z?6jr]ilu0q`(1Z3se:b+ꭧ[T+pöwAQ K1kM8vهEp"}=0"tn‚_8R"X @548 y| *jq1 b (h bAzpSE nabIta1:C.{Vv0aA>yL Z<6ėaE*㕴~>VCldA;X~\U4Ueasc'k=0ECwf0! H*7hІ{egjړt_ twPJ |~CZhIdEN;ԴG**5P6>*09f~Kӥ ] F4}k-tpMU*Ղʾ_Zv+^t m(5# #2pgrh)hMf55gӭH5y3V9y]%fZ+a1oM*=<^6AP$2W3o)AD1& /jhxUM+%Pm2hSIpa5c;[ LٔY2RL5sݿyji==#}x3sLYEn+㧐ksC/ ƻ~rnAf D|8 FΕ 6,헳fO614D6g>DvT|1-'yf?yTJJ\ $J+A:erЗSv8^gUU;MyUf̐,*Cj]K>a51r]ߘCi&!lئOlGe7M#3*p7n-˕2~2s 뼂RUˇ 7$B|rǞnPHrX%W:iu[=$ce FBR%%^萋Nv`i&x9Ll5Lfl'P`P(c&L]8ۤTf<^΀ۋ}95ף~@ f@= P.&tƝ5.1Tcfa2N8{`\&LXt Z:LT!odUsVB 'I#c&8=._Ewe2qyh7(jMn@h#&w}}Frl VVJrȹi#gD)ji =ʢ'r]N6[_-Java *s>P9ɷonhCmCXp| ^?K{e, ,"zR=.=2a7ZPf3111t/x{~iwoz}UݷK( -$P) WAhxa{I1}g]Itu;= Ct.zI}0qnqNkw.3!9m?{Ը]`>|ֿH㇫Χ>o|hc0.[-j2m&A)`Qo>rfWOFپ ]wᳳI/`yAN9pWKǝ?wH-)^s)z0W&8k8`O*aո ?>n48Z&IEqDCwȰ Z_ƥsl]qfꅰjZ ^Ok5W&'27p- ې}g#s~uY PH2'_!aPHR ~tDݽkwޗj?$i^ Í7"HtSϭ+21 &r֚S%[@ {t#1aTw݃d* e~=m0결nIlx0eRL锐']I8 z>RB'T5˓$/IYO)Eqjhd꒐~~(h&'ءXҡқ^6.6'8 $O krisq/^Y]s>ͥ=0qj8;?P.ZsRɵii:Uj3d]yF<.ďg%㇆3MQLf\tzqk]ŗ)arԂ.cAI#Q 6j 2'|dO#@/,vh6tY ~AXy Vorl8Grs&8<#P`G ܍)“g$`GDA5}ég6A jm3Z0\k9f>V2?_Bc#ZT^?1;lTŷ̈́3S7p&/5U)~elƚ[sLBIpIM{fr+ (? ܻ'Vxe86[bv[01| ttjڰJ[~>k(rxVnR˪jee_w`ڤWc# Iψg.ƙCO $} $ّ ZGta+oHݲL` @p-eÂ{Mg9@L#lQSeM7Ћ~a ًEY#BAc ˂'3 `z#۶qGz: vOz[SO) q {go<3 nٸ*R!wyvߏ4y3FbZkzp'`@܂? וhJxL1Yp8F~,OjUPzL({P6Nf,1pahzς ꘾@ѕzr ,Մ@ږ[a6A8MymXi겎oWH\JCym"u[PGyoӬ#bq8g=>ڤg )ρ&<"s2SWX2gE7s42w|c|0n7=SJ+ .t0% {W?u4߰(?m7-GO{kS K<>S/xZ_<ݮeܴIX~˙zBC6\:KXC1@DV%PUw!]@R7p,jKx`vYa/g4H&o c!"J݇eMS2e ڢ+ vWhRmm[xkx61"ac` *u>Is#}r% qp8s0Db/\R}|GD#L@(FkdVBx+Y#BLm(sPb}IU%)##wu//}0Ih WG vSb vFBhD@#!4;EDΨ~3)$ f^ |uCHF3c6NH^d.ԛy@0#Jm넽̈@tF87-{T%){]/tS¬ \b2AB+{ͥ̕u)E+µm/rDz,GƅJ qɓĒ@`R<EBP$*L!uWZ&bG+d5Kq! E~wb~wb~wb~wbg;1˕bt'f×6_XrUo ;\)"\y󅩛oXEk> {Iv,jm,' X7!'s 2FΥP>c3'Y#z{@ }=`mhSZᅕα:@Ά`%Db` ,a8>lNc#1RQ=A+ݣ/f3JWxz=4,0CX7!^||kD%RɄ_A9rW|kfvcEq6+A(B-𛷿c d;6#LHj~6}A˽=V4)* mX[`8θċW;Ow]@VE[6bԹKfD\ MgDdfph֒_fX*l%I"q0MQqD3'oůC s$Xz["+J,Kɻ0cн>u]L§[4(PT|>k~~i/m~A}[˼ w 04꿓$yj1nQ,C$&Hm~0 d<Œ/OpygsxsRyuFʼn߱yxH{]S`܀G*ZWqi2soܑ?5Zç!3TqCb$cڿ`kݰ PAgt~D)F|?^-YfY(op+oc䭼d?܉.E!?Sdף  (g*Dz'q'."j\Djs鳤+A#샒=%h5L? ,q)DsQ9?:-[VAXz- D9DNE0H^XA;$pD]bɠC `AKfRlǛaİES,Y4𖫐K11\R;G\.he,zVdqK2&ϯ #zPWwƌFSj9椷 G]#DHZtKHU) &` /,~Ũt 6 yZŠx!Vi <l+=q,vX5nzu3_i<1E7ZzڝZ<hfU'j"n?tf= p“-* ;,nG2 n-&~iX>H'*t=jhpC+JTa6 ګ*ejGU9ګRѪE5ymڰjI]O[PUr3EI\1ڣvc0/bZNa=kΏkTXC.,|\S~&Z:<~Q-mERbdӃPK6n~  .o ^j$ׁp>< Pm̼ϴ@GBSxCwGd.$qq5DžYRW7˽}D['鍀I+62sXR|b)c p[׭GF\g^uE@ LG&kήh}tQh uwe~qkt:&5KqfldaQ({b8M t߃3,ȏ]#Klݜ(8j1I(tCK/Hzs\ fbu;1Cah),f,TՊR &uU} !2,=VR<>AguUq VH+^@03:%P#>^Sko7}srҹ" rrjU\YOIa[+|Uw:/ǝ/'URdg&R0mw 5Eš\ «.Y2U94dG0=4yo={U6jUzq7 &6鏩CFyvljŵ6vg5^L˒)1 ΧxM/G*4]V0<*(hOuqt.ZzhR3`dzP1+( FFy;MAQ~ O>'v~^_nfF9?ϴ/2ʡ_3fy,@ }3sgy2zg(Q~ dCyF9E^\dEuw@t2OK'C\\f%Utn]A֗_sV99 nh}5_g^g55u%:Iʘ!gK\8=Rer ~)A_d_y*%IF>g賲+z'_˰̠s32Я!eߗdnld~m_wu CFWT=k ϼdmMuZk8VҮ [/h}0^ZE/ޤR~P`24UJ` z!J1 4c֭dK1BDO"׏ ѱFM$WeL,d 'Eu//{_۱ Cf@2b'`{8z9(˪7}¤mz6.eа!,%sv[`\;o=2g9?/tA>3=eN='ݹfSH!L&lOʗ[l,)1{;sh6Կa "9/sM 4L6 郧rS+.Ġ/2>gG4WBMxXU7M&cӄ2 p`ł霰)#,|H𵭦NLZԝ86Zd%:L7>%Ͷ cTF\gȌa)x%lOt ,Mav; ăV v,}xkb&zU h$.6=j"6: gC“Ja{[o\)%:xit[p"1b9?"ㅰxo!Z^y|XT ^Yұ ߚR TD"vy9= |In[zQؗE@1agG0HYUҎK7? /X)un'|o|F,kϹ n9iS[x=1|j;;1m ˖;7) m+#8C>ܸmQ޺%pm.;+C&:bz:SAW(|x@loM^.1ue|nHHUƧf2{M;:з 57`([| ӽy^?Fuo/A.SlK 6- `⎈MeeZ:DR*,Dl'f ,~sf_-r xgsg_(LOWvm:y@t [-] vE he/y" B#V|JrX}P/):OOgsZ%.<_Hʶ"],{ QFbF@q -E6CwϏp`2uoz/'8KIJ =aq1jVI;;a0&iE-㨤t`C v_ʉ~ph[?҈>A wVǰYF!&7O80Ux|-h\l}[}8t,s80#ŸErsg2~'[]2*eKb׹W6xozc|>[z0XjPtP9ɓz0 9LMhc{pfi#fSS{3 ;τ ixv4<1TF_E@G7`yUĔfٵ\RKnrmmck }˦bN܌aBbr L%g% S^೐|,/A-r*r*]xD4;NbŠ biS!f07Nw6̈́ В^&Ůvbe}|ǁ)