VA NEWS FLASH from Larry Scott at VA Watchdog dot Org -- 05-23-2006 #9       

Want more information on this and other veterans' topics?
 Try the VA Watchdog dot Org Search Engine.

UPDATE: LATEST ON VA DATA THEFT -- VA'S EXPLANATION FULL

OF HOLES -- DIGITAL INCOMPETENCE

 

 

By now we all know that the names, DoB and SSN of 26.5 million veterans have been stolen.

Background with back links here... http://www.vawatchdog.org/old%20newsflashes%20MAY%2006/newsflash05-23-2006-7.htm

This entire story is full of holes.

Supposedly, a data analyst who works for the VA took the information home to do some work.

But, if what the VA says is true, what possible statistical / data analysis can be done with just a name, DoB and SSN?

This data, as reported, would only have value for identity theft.

Now, if the data included address, medical info, etc...then the analyst would have something to work with.

This just doesn't make sense.

So, if we assume that the analyst did not take the information to sell...it leaves just one other explanation..........

There was more personal data stolen than the VA is admitting.

Below is the latest info on this "fire drill" and then a commentary on "digital incompetence."

Story here... http://seattletimes.nwsource.com/html/nationworld/2003012577_datatheft23.html

Story below:

---------------

"Enormous" security breach leaves veterans vulnerable to ID theft

By Christopher Lee and Steve Vogel

The Washington Post

WASHINGTON — As many as 26.5 million veterans were placed at risk of identity theft after intruders stole an electronic data file this month containing their names, birthdates and Social Security numbers from the home of a Veterans Affairs Department employee, VA Secretary Jim Nicholson said Monday.

The burglary occurred May 3 in Wheaton, Md., according to a source with knowledge of the incident who requested anonymity because the matter is under investigation.
Information

"In terms of Social Security numbers, it's the biggest breach," said Evan Hendricks, author of the book "Credit Scores & Credit Reports." "As long as you've got that exact Social, most of the time the credit bureaus will disclose your credit report, and that enables the thief to get credit."

A career data analyst, who was not authorized to take the information home, has been put on administrative leave pending the outcome of investigations by the FBI, local police and inspector general of the VA, Nicholson said. He would not identify the employee by name or title.

"They believe this was a random burglary and not targeted at this data," Nicholson said. "There have been a series of burglaries in that community. ... There is no indication at all that any use is being made of this data or even that they know that they have it."

Although publicly revealing the incident might tip off the thieves to the value of their booty, Nicholson said VA officials decided veterans needed to know to monitor their credit scores and credit-card and bank statements.

Nicholson said affected veterans include anyone discharged since 1975 and some of their spouses, as well as some veterans discharged before that who submitted a claim for VA benefits.

The theft represents the biggest unauthorized disclosure ever of personal Social Security data, and could make affected veterans vulnerable to credit-card fraud if the burglars realize the value of their haul, one expert said.

For years, the VA inspector general has criticized the department for lax information-security practices, chiefly concerning the ease with which computer hackers might penetrate VA systems.

Democrats on the House Committee on Veterans Affairs issued a statement calling on the VA to restrict access to sensitive information to essential personnel, and to enforce those restrictions. "It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," the statement said.

Sen. Larry Craig, R-Idaho, chairman of the Senate Committee on Veterans Affairs, said his panel would hold hearings on VA information security.

Nicholson would not discuss specifics of the incident, saying that disclosing details could hurt the investigation. The data did not contain medical records or financial information, but in some cases had disability ratings, he said. "The employee took it home to work with it," Nicholson said. "He was working on a project. ... But he was not authorized to take it home."

The VA plans to send letters to all the veterans notifying them that their personal information has been compromised, Nicholson said.

Identity theft and fraud has become a national problem. Three years ago, federal authorities estimated about 750,000 people fell victim to some identity scam. These days, the estimate is as high as 10 million.

"This is an enormous breach, and because the data was not stored securely, millions of people are at risk," said Ari Schwartz, deputy director of the nonprofit Center for Democracy and Technology, a privacy group.

 

 

Guarding against identity theft


The Veterans Affairs Department says it is not necessary for veterans to contact financial institutions or cancel credit cards and bank accounts in case of identity theft. Here is what veterans can do to protect themselves:

Be vigilant. Carefully monitor bank and credit-card statements. Report unusual activity immediately to the financial institution involved and contact the Federal Trade Commission.

If you detect suspicious or unusual activity, do the following:

• Contact the fraud department of one of the three major credit bureaus:

• Close any account that has been tampered with or opened fraudulently.

• File a report with your local police department or the police department in the community where the identity theft took place.

• File a complaint with the Federal Trade Commission by using its identity-theft hotline at 877-438-4338, online at www.consumer.gov/idtheft , or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Ave. NW, Washington, D.C. 20580.

Source: Veterans Affairs

 

 

Department of Veterans Affairs: www.firstgov.gov , or call 800-FED-INFO (333-4636).

Equifax: www.equifax.com ;

800-525-6285; P.O. Box 740241,

Atlanta, GA 30374-0241

Experian: www.experian.com ;

888-EXPERIAN (397-3742);

P.O. Box 9532, Allen, TX 75013

TransUnion: www.transunion.com ; 800-680-7289;Fraud Victim Assistance Division, P.O. Box 6790,

Fullerton, CA 92834-6790

---------------

Commentary here... http://www.washingtonpost.com/wp-dyn/content/article/2006/05/22/AR2006052201683.html

Commentary below:

---------------

Digital Incompetence

The government has yet to adjust to the computer age.

Tuesday, May 23, 2006; Page A16



IT'S NOT as though identity theft is a new worry. Last year companies such as Time Warner Inc. and Citigroup Inc. were in the news for losing computer tapes with sensitive personal information. The Bush administration has created something called the President's Identity Theft Task Force. Virtually every discussion of this subject makes a basic point: Although some data theft is inevitable in a digital society, institutions that collect people's names, birthdays and Social Security numbers must at least try to avoid losing them. Don't ship unencrypted computer tapes by UPS and then say you're sorry if the parcel goes astray. Don't let employees take sensitive files home, where they may be lost or stolen.

This may sound obvious, but it apparently must be said again in the wake of the news from the Department of Veterans Affairs. Yesterday the department's boss, R. James Nicholson, announced that every living veteran is at risk of identity theft after an employee took a data file containing names, birthdays and Social Security numbers home, where it was stolen. Mr. Nicholson says that the employee was not authorized to take this information home, but his department clearly failed to do enough to enforce its own guidelines. It now promises to restrict access to sensitive data to those who need it and to conduct background checks on those who do. It's extraordinary that this approach did not prevail already.

Some 26.5 million veterans risk being defrauded. If they are lucky, the thief may not realize the value of the stolen file, and it won't be used by criminals to drain veterans' bank accounts or borrow money in their names. But once personal information has been compromised, there's no telling when the bad guys may use it: The fraud may occur next month or years from now. Veterans would be well-advised to check with credit-reporting agencies periodically to see whether an impostor is taking out loans in their name. And the rest of us can only ask: How many other government departments treat sensitive information this casually?

---------------


Larry Scott

 

(go back to VA Watchdog dot Org Home Page)

Google
 
Web www.vawatchdog.org


FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such materials available in an effort to advance understanding of veterans' issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed an interest in receiving the included information for educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
 

Send this page to a friend:    


Now we have VA Watchdog Stuff

Cups, Hats, Shirts and more

Click here to order and support the site


Here's the link to subscribe to VA NEWS FLASH as an RSS feed
 

Comments on this VA NEWS FLASH?  Email Larry
key available on request

 

  

YOUR AD HERE  - Advertise on VA Watchdog dot Org and reach veterans worldwide - click