Lawmakers tear into VA head after massive breach
Lawmaker calls for Nicholson's resignation as costs mount
IDG News Service - U.S. lawmakers on Thursday ripped into the U.S. Department of Veterans Affairs for a massive data breach announced this week, with one congressman calling for the resignation of the agency's leader.
Fixing the data theft, involving the unencrypted personal records of 26.5 million veterans and their spouses, could cost "way north of $100 million," said VA Secretary R. James Nicholson, while speaking to the House Veterans' Affairs Committee. Asked what assurances he could give to veterans who could need help fixing credit problems or recovering lost money, Nicholson said he didn't know, without authorization from Congress.
Rep. Bob Filner, a California Democrat, questioned Nicholson's commitment to take responsibility for the data theft, which included Social Security numbers and information on health conditions. Filner and other members of the House Veterans' Affairs Committee also questioned why the VA waited until Monday to announce the data theft, which happened during a May 3 break-in of a VA analyst's home.
Nicholson's explanations about the incident were "incredibly bureaucratic," Filner said, in the first of two congressional hearings VA leaders faced Thursday.
"You said, 'I take responsibility,'" Filner said. "The most dramatic thing to do to take responsibility is resign. You tell [veterans], 'If you have any problems, call your credit bureau, call your bank.' Where is your responsibility in all this?"
VA Deputy Secretary Gordon Mansfield failed to tell Nicholson of the theft for 13 days, the secretary said. Nicholson is still reviewing disciplinary actions for Mansfield, the analyst who took home the data and others at the VA involved, he said.
Nicholson called the theft "devastating" and said the failure of employees to notify him of the theft shows serious problems at the VA. "As a veteran myself, I must tell you I was outraged," he said.
Committee Chairman Steve Buyer, an Indiana Republican, said the "intolerable" incident is part of a long history of VA officials resisting change in its IT infrastructure and its cybersecurity efforts. "I believe there's a damaged trust, angered veterans and their families, and there are systematic flaws," Buyer said.
Buyer suggested the agency offer a $1 million reward for the recovery of the missing data. "That million dollars is nothing compared to what we're about to spend" to fix the VA problems, he said.
The agency has received an F grade in four of the past five years on an annual cybersecurity review by the House Government Reform Committee.
So far, there's no indication that the stolen data has been used in identity theft schemes, Nicholson said. The VA has declined to give out details about the break-in, including the storage media, because the thieves may not know they have the data, he said.