Printer Friendly Page
VA'S "OTHER STOLEN COMPUTER" IS RECOVERED --
Desktop computer from Unisys office
"found" by FBI and VAOIG.
Story here...
http://www.gcn.com/online/vol1_no1/42012-1.html
Story below:
---------------
Second stolen computer with VA data recovered
By Mary Mosquera, GCN Staff
Law enforcement has recovered the desktop computer stolen from Unisys
Corp. that contained personal information of about 16,000 patients
treated in Veterans Affairs Department medical centers in Philadelphia
and Pittsburgh, according to a joint announcement from the FBI and VA’s
Office of Inspector General.
Khalil Abdullah-Raheem of Washington, who worked for a company that
provides temporary labor to Unisys, was arrested and charged yesterday
in federal court with theft of government property. A judge released him
on his own recognizance after he posted a $50,000 bond.
VA secretary Jim Nicholson praised the investigative work of the FBI and
VA's Office of Inspector General.
“It appears that the Unisys computer was not targeted for the veteran
information it may have contained,” Nicholson said in a statement.
The VA data contained insurance claim information with names, addresses
and personal identifiers, VA said. The FBI is conducting a forensics
analysis to determine whether VA data was compromised.
“The recovery of the computer is a shining moment for both the FBI and
Office of the Inspector General for the U.S. Department of Veterans
Affairs,” said Sen. Larry Craig (R-Idaho), chairman of the Senate
Veterans Affairs Committee. “This is the second time law enforcement has
come through. Let’s hope there is no need for a third time.”
The recovered computer was stolen last month from the Unisys office in
Reston, Va. The alleged thief was working there temporarily as a
building maintenance employee, Craig said. The company had offered a
$50,000 reward for information leading to the recovery of a missing
desktop computer.
Unisys had observed security controls, but there was no requirement to
encrypt the data, Unisys spokeswoman Lisa Meyer has said.
“The building and floor where the computer was located require security
protocols for physical access. Log-in and password protocols also were
required to access the data, which were stored in a database on the
computer,” she said.
Since the previous theft of a laptop computer, which was recovered and
which contained information on millions of veterans and active-duty
personnel in May, VA has taken steps to tighten computer security.
The agency has contracted with Systems Made Simple Inc. of Syracuse,
N.Y., to encrypt the hard drives of all VA laptop computers and mobile
devices. The agency has also contracted with ID Analytics of San Diego
to provide data analysis of information on veterans, which may have been
made public by the thefts of two VA computers.
The Office of Management and Budget responded to data breaches at VA and
several other agencies with guidance that strengthens IT security
provisions aimed at protecting data outside of department premises and
accelerating reporting of data compromises.
Lawmakers also crafted legislation to tighten agencies’ data security.
The House Veterans Affairs committee has sent to the full House for
consideration the Veterans Identity and Credit Security Act. House
Government Reform Committee chairman Tom Davis (R-Va.) introduced the
Federal Agency Data Breach Notification Act, which calls for the agency
CIO to enforce data breach policies and defines sensitive personal
information as any information contained in a record.
---------------
Larry Scott
