Monday, May 22, 2006

Security

Oh shit..

WASHINGTON - Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday.

Veterans Affairs Secretary Jim Nicholson said there was no evidence so far that the burglars who struck the employee's home have used the personal data — or even know they have it. The employee, a data analyst whom Nicholson would not identify, has been placed on leave pending a review.

Nicholson declined to comment on the specifics of the incident, which involved a mid-level career employee who had taken the information home to suburban Maryland — on disks, according to congressional sources who were briefed on the incident — to work on a department project.

We all just got an email from the VA Secretary concerning this issue a few minutes ago. This is really bad.. but worse, it's really fishy. There's something not right.

We don't use "disks" at all.. though theoretically, it could be that the person copied the data onto a CD and then took that home.. unencrypted. But then they turned around and reported a disk was stolen? Very strange.

It's not unusual for people with access to sensitive data to use laptops with docking stations (I do) and to take them home to do work, or whatever. Thing is, we're never supposed to trade in "real" data at all. The VA has data scramblers, and you just wash your data through that and it randomly changes everything.. names.. birthdates.. SSNs.. addresses.. the whole thing.

Just to make sure, I verified this does not apply to infrastructure information, such as programming code and database definitions and so on - just patient data. I have all kinds of code and DB stuff on my laptop and regularly take it out of the office. That's okay..

/whew
