Computerworld - A missing laptop and hard disk containing personal data on over 26.5 million veterans has been recovered, Department of Veterans Affairs Secretary Jim Nicholson announced this morning.
"The investigation continues to see whether or not this information has been compromised in any way," or whether copies of the data have been made, Nicholson said just before a scheduled hearing before the House Committee on Veterans' Affairs. He later said that initial FBI forensics tests indicate the data on the laptop and disk has not been improperly accessed.
Nicholson said he was informed that the missing laptop and disk had been found just before the hearing was to start. "It was confirmed to me by the deputy attorney general right before coming up here that indeed law enforcement [officials] have in their possession the subject laptop and hard drive," he said.
His announcement appeared to catch those at the hearing completely by surprise and the start of the hearing was briefly delayed.
The laptop theft touched off a firestorm among veterans and government officials angered that the data, which included personal information on active-duty military personnel as well as veterans, had been compromised.
It was not immediately clear how the laptop and hard disk were recovered.
Nicholson's announcement appeared to do little to head off scathing criticism from committee members. Rep. Bob Filner, (D-Calif.), a member of the committee, called Nicholson's announcement a "little stunt." "The word 'quick' does not seem to characterize anything about the VA's response to this threat," Buyer said in his opening statement. He also said that he was "pretty stressed" to hear about the loss of a VA tape in Indianapolis. Regarding that tape, Rep. Steven Buyer (R-Ind.), chairman of the committee, said it contained personal data on more than 16,000 legal cases. Another data breach, this one in Minneapolis, was also made public by Buyer. Nicholson, in his testimony, later offered more details about those breaches. The incident in Indianapolis involved a backup tape reported missing from a locked room at a regional council office on May 5. The tape contained legal and case-related information on 16,538 veterans, Nicholson said, adding that he learned about it on May 23 or 24. He said those affected by that particular breach are being notified of the potential loss of their personal information. The incident in Minneapolis happened in 2005, Nicholson said without giving a specific date. Papers containing names, addresses and Social Security numbers belonging to 66 veterans were lost when a VA auditor put the papers in the trunk of a rented car that was stolen. "The incident in Minnesota was brought to our attention by a postal inspector who had reason to believe that two patients in one of our extended care facilities was having their IDs stolen," Nicholson said. Yesterday, the committee heard testimony from former CIOs of the VA on IT organizational structures that could have prevented the breach from happening (see "IT centralization at VA key to security, former agency CIOs say"). Today's hearing was to have been devoted to the VA's efforts to address the data breach. As for the stolen laptop, Nicholson said: "The only part I had in this recovery was my prayers to St. Anthony." After back-and-forth between Nicholson and committee members about efforts to revamp the IT operations at the VA, Buyer announced that the agency's chief information security officer had resigned this morning. That news appeared to catch Nicholson off-guard.
Read more about Privacy in Computerworld's Privacy Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
