Michael Gracie » VA

Veterans Administration heads down encryption route

Michael Gracie — Tue, 15 Aug 2006 13:38:36 +0000

The VA, who lost a laptop then found it, declaring the data had not been tampered with, has decided to listen to the White House. They are taking the high road, and going to encrypt all laptop data (actually, all sensitive data, which I assume includes that which resides on desktops as well).

All I can say is congratulations. They are “getting it.”

The VA laptop is back

Michael Gracie — Fri, 30 Jun 2006 13:55:24 +0000

Once gone, now recovered.

No word on how it was recovered, but someone mentioned they think the data within might not have been accessed. Gone for over a month. Plenty of publicity. Now a stealth recovery and no breach. Sounds like someone wants to get out of paying many millions for credit monitoring if you ask me.

***UPDATE***

The questions about access remain, but not how it was re-acquired. Someone turned it in after buying it off the back of a truck. The random burglar theory is reconstituting.

***UPDATE 2***

And now they think they have their thief.

FTC missing two laptops, and a bunch of 0’s

Michael Gracie — Fri, 23 Jun 2006 18:46:25 +0000

Reuters says that two FTC laptops were stolen, and the report is a whopping 110 people be affected. Wow, 110!

This follows the VA data theft debacle, which resulting in a significant number of records (like over 26 million significant) and the resulting upward estimate to include active servicemen and women. First estimates are almost always understated. I wonder if the FTC spokesperson just forgot about a few zeros.

We’ll soon find out.

Don’t worry - data thieves are ignorant

Michael Gracie — Wed, 24 May 2006 16:05:07 +0000

Email Battles noted that a Veterans Administration laptop with 26.5 million social security numbers was stolen, and that the VA responded by saying the thieves may be..

“..UNAWARE OF THE INFORMATION WHICH THEY POSSESS OR OF HOW TO MAKE USE OF IT.”

Uh..were the thieves “unaware” before or after they cased the situation, noting where the laptop might be and at what time? Or maybe they were “unaware” until they realized how stupid the VA was, and that just such a major announcement was forthcoming, and then they would become “aware” of what was on said machine. No, they were probably just regular readers of these pages, and became “aware” of what prime targets laptops were.

My bad.

***UPDATE***

The VA chief says security has been lacking for some time, noting that:

..an agency employee had been taking home sensitive data for three years before it was stolen from his residence..

And what was that about thieves not knowing what they had?