Via techdirt.com-  The Veterans Administration (VA) should rename itself to the “Ministry of Data Leaks. It is because every year they report loss of a computer/laptop which contains unencrypted data. As a result, several security gaps are being found out in the Department of Veterans Affairs which can potentially lead to data and information security fraud. Once again, two different data breach cases have been reported. In the first incident, an unencrypted laptop was stolen, which held the social security number and other information of 616 veterans. Somedays later, a log book from a medical lab in Texas containing personal information of 3,265 veterans went missing. While it is not clear whether the data was breached, the alarmbells have rightly started ringing. This incident demonstrates the need for VA to work tightly on issues pertaining to cyber security with contractors.

In the first case, the laptop was stolen on April 22 from the personal vehicle of the contractor’s employees. On the discovery of loss, the authorities were identified immediately and subsequently the VA was notified the following day. In addition, both the user account and server access from the laptop was disabled.

In a letter issued to Shinseki, Mr. Steve Buyer, the party member of the house House of Representatives’ committee on veterans affairs said, “We would like to express our deepest concern about the continued use of unencrypted devices within VA, despite the ongoing efforts to stop such use”.

According to Mr. Buyer, 25 of 69 contracts have nothing in the contract related to encrypted data which is more than 28% of the VA’s vendor contracts.

Mr. Buyer added, “I can only conclude from this incident that VA’s procurement processes seriously lack standardization in content, fail to articulate requirements, and [lack] compliance oversight”.

In response to Mr. Buyer’s statement, VA official Katie Roberts mentioned, “The contractor self reported the incident and has disabled the user account and server access from the stolen laptop.  No further access from this laptop is possible”.

It is not the first time that a data breach incident has been reported at VA. 4 years ago a similar incident had been reported after the theft of a VA employee’s laptop which contained data of 26.5 million veterans and 2.2 million service members. On that occassion, the impact of loss for VA was worth $48 million resulting due to notification and a class action lawsuit.

Although there was no report of data usage for illegal purposes, the breach resulted in a unanimous legislation for ensuring the security of veterans’ identity and credit information.

Laptop Encryption from Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

Related articles by Zemanta

• VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data (techdirt.com)
• Stolen VA Laptop Contains Veterans’ Personal Data (techdailydose.nationaljournal.com)
• UK firms ignore encryption (newstatesman.com)