Don’t worry – data thieves are ignorant

Email Battles noted that a Veterans Administration laptop with 26.5 million social security numbers was stolen, and that the VA responded by saying the thieves may be..

“..UNAWARE OF THE INFORMATION WHICH THEY POSSESS OR OF HOW TO MAKE USE OF IT.”

Uh..were the thieves “unaware” before or after they cased the situation, noting where the laptop might be and at what time? Or maybe they were “unaware” until they realized how stupid the VA was, and that just such a major announcement was forthcoming, and then they would become “aware” of what was on said machine. No, they were probably just regular readers of these pages, and became “aware” of what prime targets laptops were.

My bad.

***UPDATE***

The VA chief says security has been lacking for some time, noting that:

..an agency employee had been taking home sensitive data for three years before it was stolen from his residence..

And what was that about thieves not knowing what they had?

Comments

mike baechle says:

I made the mistake of reading the news.

It seems that an “analyst” at the Veterans Admin took home files (on disc) of 2.6 million veterans. This nitwit lives in a neighborhood where multiple burglaries have occurred in the recent past!!!! And lo and behold, some thief has now taken th data the VA analyst stole.

I am perhaps unduly ignorant of modern storage media, but as a veteran I have a good idea of the size of my VA file, and I cannot see how files of 26.5 veterans could have been stored “on a laptop”. I think the VA employee who took that data home must have amassed it carefully over a long period on data disks.

I am unable to see what job the analyst could have that would require the taking of that number of files. I have to assume the VA employee was mining and selling data.

Now personal data on 26.5 million veterans, not to mention spouses of those veterans,including names , addresses,and social security numbers, medical data, and personal information–including credit card data if the veteran pays drug copayments by credit card are in the hands of persons unknown.

And guess what else? The Secretary of the VA waited two weeks to tell the FBI. His explanation is that he wanted to have time for the VA to set up a website to allow Veterans to “express their concerns”.

The VA assures us that the thieves “probably don’t know what they have”. Well, the VA analyst is also a theif and the analyst certainly knew what he or she had stolen.

Notwithstanding, the Secretary does pronounce himself “incensed” at the analystfor “violating security” WHAT SECURITY?.

A spokesperson at the VA has announced that the VA has “reached out” to the credit bureaus to advise of the possibility of credit fraud. Isn’t that nice? “Reaching out” has such a genteel ring to it. As if the credit bureaus frankly give a damn, my dears….and as if they are going to drop everything and jump into 26.5 million credit records, particularly when the VA probably hasn’t even identified the people whose data was stolen.

George Bush pronounces his “full confidence” in the Secretary of the VA. This is the same President who has the NSA trolling through phone calls and internet records of US citizens to “fight terrorism”, and now the data is out there to allow the bad guys to create all kinds of false ID’s, not to mention financial havoc for identity theft victims.

It needs to be noted that a few years ago the Govt passed a convoluted and draconian statute called HIPAA or HIIPA (can’t recall which) which creates major hurdles before a medical records custodian can disclose medical data re patients. Now the US Gov’t itself is the biggest violator of that statute.

Is this administration incompetent or what?
Where in the world do we get these people?

The only saving grace is that this will open up the possibility of a major class action suit against the US Govt.

Mike,

I feel your pain. Knowing recipients of benefits from the VA, your comment made me wonder how much they are at risk; my concern continues to grow.

On the HIPAA notion (you got it right the first time), I have found that, like most bureaucracies revolving around personally identifiable information, the information is only accessible if you ARE NOT the subject of the data. Just one more knife in the back of the everyday citizen.

Note: HIPAA stands for Health Insurance Portability and Accountability Act, and was intended as a privacy measure. I have heard several stories of folks getting denied for health insurance, and then been refused the data which resulted in the denial. All the more reason to pay for full coverage, and not seek medical help unless you have a compound fracture.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.