A stolen Veterans Affairs employee’s laptop containing personal information on 26 million U.S. veterans was recovered this week.
Investigators with the Federal Bureau of Investigation (FBI) said the sensitive data on the laptop’s hard drive had not been accessed, according to a “preliminary review of the equipment by computer forensic teams.”
Further forensic examination will take place as the VA and other government agencies and companies take steps to protect consumer data in the face of a growing number of regular data breach disclosures. Despite a steady stream of new technologies and security measures taken, however, privacy and security experts predict information will continue to be lost, and consumers will continue to be at risk.
“This issue is not going away,” Electronic Privacy Information Center Executive Director Marc Rotenberg told the E-Commerce Times.
Lawmakers and privacy advocates harshly criticized the federal government and its handling of sensitive data after the laptop was taken during a burglary of the VA employee’s home. Questions also linger as to the length of time it took for the fumble to be reported, and whether the staffer had permission to take the computer home.
The agency has not yet made a final determination as to what will happen to the employee, VA spokesperson Matt Burns told the E-Commerce Times.
The VA initiated dismissive action, but the unnamed individual reportedly is contesting the removal action, a right employees are entitled to exercise, according to Burns.
He said he could not further discuss the ongoing personnel matter, citing the VA employee’s privacy.
Much More Needed
The Office of Management and Budget (OMB), one of several agencies and groups that have warned about lax security and data handling at government agencies, recently issued guidelines to improve privacy and security standards, Rotenberg said.
“I think the OMB guidelines are a step in the right direction, but more needs to be done,” he urged. “There needs to be some clear legislation. There needs to be better oversight across the federal government.”
The VA data lapse highlights the growing problem of data and identity theft.
“This is a wakeup call to the federal government to improve privacy and security standards across federal agencies,” Rotenberg said. “They came dangerously close to putting at risk more than 26 million veterans, and that should never happen again.”
Mass of Easy Targets
Some argue that the names, phone numbers, social security numbers or health conditions of 26 million veterans would not be of much value to criminals, but there is clearly a market — if not an entire economy — around personal information, according to security expert and IT-Harvest Founder and Chief Analyst Richard Stiennon.
“Thieves see data all over the place,” he told the E-Commerce Times. “The smart ones are going to find it at government installations.”
Despite all the laptops that have potentially sensitive personal information, most thefts of the portable computers are for the hardware, not the hard drive contents, he acknowledged.
While users can take measures to defend their data and identities, their best defense may be in staying more alert than other members of the huge pool of potential victims, Stiennon said.
“Each individual can protect themselves adequately today,” he said. “The reason that’s possible is there’s a greater mass of easier targets.”