Monumental Security Breach

Eric — Fri, 16 Jun 2006 04:04:37 +0000

That’s what some defense department sources are calling it. The single largest data security breach… monumental? Understatement, I would say. One shmendrek at the VA decided that the personal information of some 26 million of us was appropriate for him to take home for the past three years. Amazing. Can you say criminal negligence? I thought you could.

Oh wait, what about 26.5 million violations of the Privacy Act? Monumental…I think we need a new word to describe the stupidity level and the sheer scope of this breach. But if the breach itself wasn’t bad enough it was the mishandling of the initial response by the VA that really upsets me (and I am a disabled vet with benefits, so I am directly affected by the monumental security “breach”.)

Last Friday I got a letter from the VA via the IRS informing me of the incident affecting at least 26.5 million vets, guardsmen, reservists and active duty military. So nice of them to let us know (seriously).. except that the incident occurred over a month earlier — May 3rd — and it went unreported for two weeks! Hello! Don’t you think someone should call the FBI — data security violation, 26.5 million vets names, addresses, Date of birth, socials etc.. Oy vey!

Unreported for two weeks!

26.5 million VA “customers” personal information protected by the privacy act is compromised and they sat on it for two weeks. By the time they let the FBI and police know about it they were chasing a two week old trail of what was hopefully a simple smash and grab. Unbelievable. Even more so because the analyst told senior officials about the robbery within a few hours of it happening! After that it took an additional three weeks for the VA to coordinate with the IRS to contact all veterans with the letter.

So far two heads have rolled over this, but I’m sure more will follow (they had better!) and there will soon be a complete revamping of the security policy and IT systems in the VA. Recent GAO reports, released after a recently announced VA lockdown, have only strengthened the case of congressional calls for Nicholsons head on a platter, along with the termination or resignation of all VA officials involved in any way in delaying the reporting of the theft.

In our house we will continue to monitor events in Washington as well as keeping a very close eye on all transactions in our accounts, it’s all we can do because while they were so kind in providing me with a number to call for specific information in the letter, when a veteran or service member calls the number as I did, they can’t get any information regarding whether your name is one of the compromised.

Monumental indeed… monumental stupidity in the breach of security, breach of trust and monumental mishandling of the whole affair.

Eclectic Echoes » schmendrek

Monumental Security Breach