News Nat. Guards' personal information stolen

[Rach3]

Yesterday I was whining about how the Veterans Administration initially misrepresnted the scope of the stolen data of 26.5M veterans. I was wondering just now whether that bureau is so incompetent as to not understand their own databases, or whether they did know exactly what went missing, and their public statement was a fabrication intended to minimize their PR damage. Well, I'm no closer to resolving that question. But it turns out there's still more they didn't reveal:

WASHINGTON (AP) -- Personal data on up to 50,000 active Navy and National Guard personnel were among those stolen from a Veterans Affairs employee last month, the government said Saturday in a disclosure that goes beyond what VA initially reported.

VA Secretary Jim Nicholson said in a statement that his agency discovered after an internal investigation that the names, Social Security numbers and dates of birth of up to 20,000 National Guard and Reserve personnel who were on at least their second active-duty call-up were "potentially included."
...
Veterans groups have criticized the VA for a three-week delay in publicizing the burglary after the May 3 theft.

http://www.cnn.com/2006/US/06/03/va.theft.ap/index.html

Nicholson's use of the subjunctive, "...were potentially included...", suggests the "clueless and incompetent" explanation. But the initial 3-week delay in reporting the loss, without notifying veterans, suggests an unethical emphasis on PR, which may be evidence towards the "he lied" version. So which is it?

 

[Rach3]

I'll have to one-up myself yet again. The number of active-duty troops involved is not 50,000 as reported, it's actually http://today.reuters.com/news/newsArticle.aspx?type=domesticNews&storyID=2006-06-07T001707Z_01_N06435124_RTRUKOC_0_US-CRIME-USA-VETERANS.xml. Incompetence or lies, the question remains.

But now Veterans Affairs said that as it and the Pentagon compared electronic files, officials discovered that personal information on as many as 1.1 million military members on active duty, 430,000 National Guard troops and 645,000 members of the Reserves may have been included in the data theft.

http://today.reuters.com/news/newsArticle.aspx?type=domesticNews&storyID=2006-06-07T001707Z_01_N06435124_RTRUKOC_0_US-CRIME-USA-VETERANS.xml

Incompetence!

(Interestingly enough, the article itself vacillates between 1.1M and 2.2M... incompetent journalist, mayhaps?)

 

[Moonbear]

Yesterday I was whining about how the Veterans Administration initially misrepresnted the scope of the stolen data of 26.5M veterans. I was wondering just now whether that bureau is so incompetent as to not understand their own databases, or whether they did know exactly what went missing, and their public statement was a fabrication intended to minimize their PR damage. Well, I'm no closer to resolving that question. But it turns out there's still more they didn't reveal:

http://www.cnn.com/2006/US/06/03/va.theft.ap/index.html

Nicholson's use of the subjunctive, "...were potentially included...", suggests the "clueless and incompetent" explanation. But the initial 3-week delay in reporting the loss, without notifying veterans, suggests an unethical emphasis on PR, which may be evidence towards the "he lied" version. So which is it?

I keep wondering why someone was allowed to take home that sort of information on a laptop. I work in a medical school, and patient data does not belong on laptops at all, and should not be ever stored in a way that it can be removed and lost like that. So, it's possible that the analyst wasn't supposed to take it home, and was supposed to work on it within the walls of the VA, so they don't know what exactly he copied onto his own computer or what someone could get access to once they have his computer if he wasn't authorized to have it there in the first place.

It could also be that they know what he had on his computer, but once someone has access to that, they could also gain access to other information on servers and don't know what was and was not actually accessed, or once accessed, what they could take with them and use.

At the place I worked previously, someone hacked the computers and got access to employee databases. Because they stored data separately, such as names on one, addresses on another, SS#s on a third, we had no way to know if the person who gained access was able to put them all together in a usable way or not, so were advised to take precautions as if they did have that information just to be safe. So, while they knew what databases were viewed, they could not tell us if anyone could actually use any of the information stored in them.

 

[edward]

There is no excuse for the loss of this information. The VA simply has no data security program. They should at the very least have dual control (two persons present) on this kind of information.

 

[edward]

A group of Veterans organizations have filed a law suit against the federal government. They are asking that $1,000 be paid to each veteran for the loss of personal data.

 

[FredGarvin]

After the last few screw ups in the federal government in this regard, I wouldn't be surprised if there were no more laptops being used period.

 

[edward]

O.K So now they are saying that the records of all active duty personnel were lost. + National Guard + all former regular military + all disabled veterans + the information was not encrypted or encoded. My God this is huge. The FBI should have been called to the scene of the robbery immediately.

It makes me wonder exactly what type of project the VA employee was working on when he took this data home??

 

[edward]

Ahh the wonders of free enterprise.

As thousands of Southern Arizona veterans await further word on their potential risk for identity theft, some are being targeted by sales agents peddling identity-theft insurance.

http://www.azstarnet.com/metro/132055

 

[RVBuckeye]

I am a veteran of the USN. I actually received a letter from the VA in the mail today concerning this.
Being as this is the first I heard about this, what was the first official story? Was it that they lied about the scope, or are they just being overly cautious?

 

[Gokul43201]

Ahh the wonders of free enterprise.

As thousands of Southern Arizona veterans await further word on their potential risk for identity theft, some are being targeted by sales agents peddling identity-theft insurance.

http://www.azstarnet.com/metro/132055

Don't you think they might need the insurance? Or do you think they are being scammed?

From the article:

Leaders of Tucson's two largest Veterans of Foreign Wars posts are taking exception to the pitches, which they see as opportunistic.

Taking exception? I don't follow the logic. Can you explain it?

 

[edward]

Don't you think they might need the insurance? Or do you think they are being scammed?

From the article:Taking exception? I don't follow the logic. Can you explain it?

Apparently they didn't approve of the idea of veterans having to buy identity theft insurance to cover a VA mistake.

No one has been scammed yet. The local guys I've talked to from both the local VFW and DAV seemed to be under the impression that the federal government was going to fix everything.

As for me I can check my credit easily, but a lot of Vets can't, especially the older ones. The ones least able to fend for themselves are the ones most likely to buy the insurance. Hells Bells even the insurance could be a scam.

 

[edward]

I am a veteran of the USN. I actually received a letter from the VA in the mail today concerning this.
Being as this is the first I heard about this, what was the first official story? Was it that they lied about the scope, or are they just being overly cautious?

Here is the latest news:

http://abclocal.go.com/wpvi/story?section=nation_world&id=4251817

The theory on where the data may now be has changed again. Now the VA is saying it may have been erased?

The data was stolen in early May. The VA waited three weeks before releasing this fact to the public?

 

[Gokul43201]

Apparently they didn't approve of the idea of veterans having to buy identity theft insurance to cover a VA mistake.

Well, they should be mad at the VA for that - not at the insurance salesman. He had nothing to do with the VA's screw up.

No one has been scammed yet. The local guys I've talked to from both the local VFW and DAV seemed to be under the impression that the federal government was going to fix everything.

As for me I can check my credit easily, but a lot of Vets can't, especially the older ones. The ones least able to fend for themselves are the ones most likely to buy the insurance. Hells Bells even the insurance could be a scam.

I think there's huge potential here for scamming/overpricing folks. I think the VA should make it a priority to (at the very least) provide advice on how people should or shouldn't react (not get taken in by scamsters). Or have they done this already?

 

[edward]

Well, they should be mad at the VA for that - not at the insurance salesman. He had nothing to do with the VA's screw up.

I think there's huge potential here for scamming/overpricing folks. I think the VA should make it a priority to (at the very least) provide advice on how people should or shouldn't react (not get taken in by scamsters). Or have they done this already?

No one has been scammed yet as far as I know. I have a feeling it will not be very long before the scamsters come up with something. Something on the order of the old "bank examiner" tricks would work.

The VA is at fault here and they need to come up with a way to resolve the "fear factor" that they have caused in Veterans and active duty military.

 

[FredGarvin]

The insurance sales tactic, IMO, is sketchy at best. It reeks of ambulance chasing. I believe that congressional members are asking Bush for money to help prevent the ID thefts. Whether that happens or not remains to be seen.

I too am waiting for a little note from the VA on this.

 

[edward]

The VA official website for this is:
http://www.firstgov.gov/veteransinfo.shtml

They keep saying everything is A O.K. but suggest that veterans request a free credit report from one of the three major credit bureaus - Equifax, Experian, or TransUnion.

If identity theft is going to be involved it is going to take the bad guys a long time to scam nearly 40 million people. A current credit report will not cover the long term future.

edit:
Plus that free credit report the VA suggests at:
https://www.annualcreditreport.com/cra/index.jsp

is a once a year thing.

 

[edward]

Data stolen from National Nuclear Security Administration

Government workers are sleeping at the wheel. Why in Gods name would information on a National Nuclear Security Administration's computer be hackable? Perhaps the NSA should use their high tech equipment to take a closer look at federal government agencies.

A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department's nuclear weapons agency.

But the incident last September, somewhat similar to recent problems at the Department of Veterans Affairs, was not reported to senior officials until two days ago, officials told a congressional hearing yesterday. None of the victims was notified, they said.

The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, N.M. The file contained information about contract workers throughout the agency's nuclear weapons complex, a department spokesman said.

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/09/AR2006060901505.html

This data theft goes far beyond the possibility of identiity theft. By showing who and where the Nuclear weapons contract workers are, it shows where the weapons complexes are.