Stolen VA laptop recovered; data appears untouched
Taken last month, it contained data on millions of military personnel and vets
Computerworld - A missing laptop and hard disk containing personal data on over 26.5 million veterans has been recovered, Department of Veterans Affairs Secretary Jim Nicholson announced this morning.
"The investigation continues to see whether or not this information has been compromised in any way," or whether copies of the data have been made, Nicholson said just before a scheduled hearing before the House Committee on Veterans' Affairs. He later said that initial FBI forensics tests indicate the data on the laptop and disk has not been improperly accessed.
Nicholson said he was informed that the missing laptop and disk had been found just before the hearing was to start. "It was confirmed to me by the deputy attorney general right before coming up here that indeed law enforcement [officials] have in their possession the subject laptop and hard drive," he said.
His announcement appeared to catch those at the hearing completely by surprise and the start of the hearing was briefly delayed.
The laptop theft touched off a firestorm among veterans and government officials angered that the data, which included personal information on active-duty military personnel as well as veterans, had been compromised.
It was not immediately clear how the laptop and hard disk were recovered.
Nicholson's announcement appeared to do little to head off scathing criticism from committee members. Rep. Bob Filner, (D-Calif.), a member of the committee, called Nicholson's announcement a "little stunt."
"The word 'quick' does not seem to characterize anything about the VA's response to this threat," Buyer said in his opening statement. He also said that he was "pretty stressed" to hear about the loss of a VA tape in Indianapolis.
Regarding that tape, Rep. Steven Buyer (R-Ind.), chairman of the committee, said it contained personal data on more than 16,000 legal cases. Another data breach, this one in Minneapolis, was also made public by Buyer.
Nicholson, in his testimony, later offered more details about those breaches. The incident in Indianapolis involved a backup tape reported missing from a locked room at a regional council office on May 5. The tape contained legal and case-related information on 16,538 veterans, Nicholson said, adding that he learned about it on May 23 or 24. He said those affected by that particular breach are being notified of the potential loss of their personal information.
The incident in Minneapolis happened in 2005, Nicholson said without giving a specific date. Papers containing names, addresses and Social Security numbers belonging to 66 veterans were lost when a VA auditor put the papers in the trunk of a rented car that was stolen. "The incident in Minnesota was brought to our attention by a postal inspector who had reason to believe that two patients in one of our extended care facilities was having their IDs stolen," Nicholson said.
Yesterday, the committee heard testimony from former CIOs of the VA on IT organizational structures that could have prevented the breach from happening (see "IT centralization at VA key to security, former agency CIOs say"). Today's hearing was to have been devoted to the VA's efforts to address the data breach.
As for the stolen laptop, Nicholson said: "The only part I had in this recovery was my prayers to St. Anthony."
After back-and-forth between Nicholson and committee members about efforts to revamp the IT operations at the VA, Buyer announced that the agency's chief information security officer had resigned this morning. That news appeared to catch Nicholson off-guard.
Read more about Privacy in Computerworld's Privacy Topic Center.
- Pivotal Melds Big Data and Platform-as-a-service The value of Information has increased, so has the business's thirst for more information. Access to data and collaboration are at the heart...
- Operationalizing the Buzz: Big Data 2013 The 2013 EMA/9sight Big Data research surveyed 259 business and technology stakeholders around the world.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- The Principles of the Business Data Lake The Business Data Lake is a new approach to information management, analytics and reporting that better matches the culture of business and better...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!