Veteran Affairs Secretary Jim Nicholson testifies about the theft of personal information of military personnel and veterans Thursday on Capitol Hill in Washington. AP Photo/PABLO MARTINEZ MONSIVAIS
Posted on 06/09/2006 5:13:35 AM PDT by Libloather
Veterans Affairs head says stolen data possibly erased
Nicholson reports agency's security remains vulnerable.
HOPE YEN
Associated Press Writer
June 09. 2006 6:59AM
Veteran Affairs Secretary Jim Nicholson testifies about the theft of personal information of military personnel and veterans Thursday on Capitol Hill in Washington. AP Photo/PABLO MARTINEZ MONSIVAIS
WASHINGTON -- Stolen personal data for 26.5 million veterans and military personnel may have been erased by teenagers who sold the computer equipment, Veterans Affairs Secretary Jim Nicholson said Thursday.
In testimony to Congress, Nicholson accepted responsibility for the May 3 burglary at a VA data analyst's home. He said the agency remains vulnerable to other security lapses and that changes won't happen overnight.
"This has been a painful lesson for us at VA, and I am committed to assuring that we have the people, adequately trained, policies and procedures in place to assure that this could not happen again," Nicholson told the House Government Reform Committee.
He explained that the burglary occurred in an Aspen Hill, Md., neighborhood in which there had been a pattern of thefts by young burglars who took computer equipment, wiped them clean of the data and then sold them on college campus or high schools.
"We remain hopeful this was a common random theft and that no use will be made of this data," Nicholson said. "However, certainly we cannot count on that."
Lawmakers were skeptical. They noted that the committee and the Government Accountability Office, Congress' investigative arm, had warned the VA for years that security was lax.
"Secretary Nicholson, you blame this on an employee who was fired, on a culture, on people doing what they're not supposed to be doing," said Rep. Henry Waxman of California, the panel's top Democrat. "That doesn't sound like we're getting to the heart of this with passing the buck."
Added Rep. Christopher Shays, R-Conn.: "It is beyond stupid to take out sensitive documents."
Congress is trying to determine whether the VA took proper steps to guard against the unauthorized disclosure of personal information. The VA has said the data analyst -- who has been fired -- violated procedures by taking home for three years the names, Social Security numbers and birth dates without permission.
Earlier this week, Nicholson acknowledged that the stolen data -- which was stored on the employee's personal laptop -- included personal information on about 2.2 million active-duty military, Guard and Reserve personnel. The agency originally said the number was 50,000.
During the hearings, Nicholson pledged new initiatives to protect private information, saying he ordered that no personal laptop would be allowed to access the VA network. About 35,000 VA employees have that clearance, although not all have access to veterans' personal information.
Rep. Steven LaTourette, R-Ohio, pressed Nicholson on whether the VA had received any reports that the stolen data had been used for identity theft.
LaTourette said one Gulf War veteran, Steven Michel of Ashtabula, Ohio, had reported he might be a victim after discovering he had not received his monthly VA disability check.
Nicholson said local and federal law enforcement have not notified the VA of any identity thefts stemming from the data breach, one of the nation's largest.
"To care for him who shall have borne the battle and for his widow and his orphan."
This is the stated mission of the Department of Veterans Affairs. So far I am not impressed with the department's response to the recent theft of data containing information that jeopardizes the identities of the some 26.5 million people who rely on the VA.
I am not a veteran. However, I have had the pleasure and honor of counseling a number of them during my 15 years as head of a nonprofit organization that provided financial counseling at the Naval Education and Training Center at Newport, R.I., as well as at the submarine base in Groton, Conn. I have never met such a group of idealistic, patriotic -- and financially naive -- young men and women. They give their all and get very little in return. The VA needs to do more to help fix a mess that they might not have caused, but for which they are certainly responsible. Here, in my expert opinion, is my list of 10 things that should be done immediately:
1. Go before Congress and demand that its members implement a national data-freeze option for service personnel. Many states offer this protection to anyone living within their borders. The VA should demand this level of protection for our veterans.
2. Stop discounting the problem. Explain in detail the dangers of identity theft beyond simple credit issues. Outline all the steps of action a concerned veteran should take.
3. Raise the reward for the return of the stolen information from an incredibly low $50,000 to at least $1 million or the market value of the stolen identities.
4. Arrange for a free credit report monitoring service that scans all three major credit bureaus and public record monitoring for up to seven years. In addition, allow individual veterans, who wish to monitor their own credit, the option of personally ordering credit reports monthly with compensation for the expense.
5. Create an identity theft passport that identifies the person as a victim of identity theft and send it to all veterans. The passport will be used to help establish innocence of any crime related to the theft of identity with law enforcement, creditors and credit bureaus.
6. Provide independent identity theft insurance coverage as part of the veterans' package of benefits.
7. Make available free credit counseling and education services to those who want it.
8. Team up with local nonprofit organizations and sponsor identity theft information workshops in community locations across the nation. Include specific action plans for those who are victims of identity theft.
9. Set aside funds in a trust to cover the expenses of veterans whose identities are compromised and need to spend time and money to correct the problem.
10. Communicate to each veteran individually in written form, and in as many languages as may be needed, explaining in detail what happened, how they are affected and specifically what information of theirs was compromised by the data breach.
If Veterans Affairs would do the above 10 things, it would go a long way toward alleviating the real and potential problems veterans face as a result of the data breach. I plan to write in more detail regarding these 10 items in future columns.
The Debt Adviser, Steve Bucci, is the president of Money Management International Financial Education Foundation and the author of Credit Repair Kit for Dummies. Visit MMI for additional debt advice or to ask a question of the Debt Adviser go to the "Ask the Experts" page and select "debt" as your topic.
http://www.bankrate.com/brm/news/debt/20060609a1.asp
How does he know if it was teens who stole the laptop, and how does he know it was sold? Am I missing something?
Teenagers erased the data. Hah, so much for the security snit on this computer. How many times has just such a functionary told us about how many rewrites a disk needs to make data un-recoverable? Will someone tell this pol that erasing disk data merely randomly labels it.
That just has to be gigs and gigs of data. Another Wen-Ho-Lee data pack-rat.
This is a ridiculous quote. If it is VA policy not to allow data to be removed from the workplace, Nicholson can't be directly responsible for an employee who violates said policy. Based on Waxman's logic, 'ol Henry would be responsible for anyone who violates a law for which he voted.
Yes, you are. Gullibility. Please go out and buy another boxload of it.
They are in a whirlbool of cess. The more it's investigated, the more "bad" info comes out of it... the number of Vets names, personal info, lack of encryption... so the "best" way they can think of to stop the whirlpool is to say "no problem, it was all erased", and then hope that everyone relaxes.
He doesn't "know" any such thing. He's purely speculating based on the types of burglaries in that neighborhood.
Idiotic. He's attempting to lessen the impact while "taking responsibility".
"Stolen personal data for 26.5 million veterans and military personnel may have been erased by teenagers who sold the computer equipment, Veterans Affairs Secretary Jim Nicholson said Thursday."
Straight from the propagandist at the Ministry of Truth!
"teenagers who sold the computer equipment..."
And if they ever catch them, there will be no punishment.
Veteran Affairs Secretary Jim Nicholson should have fired the idiot who brougt that info home, and Nicholson himself should be fired for this serving of horse**** he's serving to the Military and to Congress. Is he wearing a "Don't worry, Be happy" button?
As an active duty member who may or may not have had my information stolen. Story changes daily. New story says that anyone who reenlisted or finished an enlistment in 1991 may have had data taken. I finished first term in June 1991. The only question I have is when is this thief going to be charged. I find that employment ending is not enough. This seems to big to me. I would like to really find out his intentions of why he took it home with him. His real reason. I would be more satisfied with him saying, "Yes, I was going to sell the info but I was robbed first" rather than these lies he is claiming. If I was on a jury, I would take telling the truth in concideration to the amount of time in jail, probation and perhaps acquittal.
Well, that's mighty noble of him.
When is he due to be sentenced for the burglary?
Well, not necessarily. If it's in a database format (probable, since it's unlikely that its just plain text or Word documents), it's compressed. It might be only a few hundred megabytes. Also, if it's a database it's likely password-protected and inaccessible to casual thieves, anyway.
The employee probably just thought time could be saved by keeping a local copy of the database on the notebook. This happens all the time, and Waxman's aides are probably doing similar things, so he should watch where he casts stones. ;)
Shush your mouth!
You're not susposed to be training Capitol Critters in data security technology!
I figure the employee who took the stuff home must be a Democrat, because if he were a Republican we'd have been told that by now.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.