VA missing hard drive
- By Mary Mosquera
- Feb 06, 2007
The Veterans Affairs Department is missing one of its portable hard drives used by an employee at a VA facility in Birmingham, Ala., and it may have been stolen.
It potentially contains personal information about some veterans, but the department did not have more information about the scope of the incident.
VA's Office of Inspector General, notified the next day, opened a criminal investigation, sent special agents to the medical center and alerted the FBI. VA's Office of Information and Technology also dispatched an incident response team to investigate, according to VA Secretary Jim Nicholson.
'We intend to get to the bottom of this, and we will take aggressive steps to protect and assist anyone whose information may have been involved,' he said.
VA has encrypted its laptops, department CIO Robert Howard said previously. VA is in the process of protecting other portable devices in the wake of a dramatic breach last May in which a laptop containing the personal data of millions of veterans was stolen from an employee's home.
House Veterans Affairs Committee Chairman Rep. Bob Filner (D-Calif.) voiced concern that a government-owned portable storage device was still not fully protected. 'There is no excuse for storing sensitive personal information about our veterans on portable, government equipment that is not secure,' he said.
The employee, who reported the hard drive missing Jan. 22, used it to back up information contained on the employee's office computer and may have contained data from research projects the employee was involved in. The employee also indicated the hard drive may have contained personal identifying information on some veterans but said that portions of the data were protected.
The IG has seized the employee's work computer and is in the process of analyzing its contents. VA's IT staff is providing technical support in this effort. Analyzing the work computer may help investigators determine the nature of the information the hard drive potentially contained. Pending results of the investigation, VA is prepared to send individual notifications and provide one year of free credit monitoring to those whose information proves compromised.
In addition to the ongoing criminal investigation, the IG has initiated an administrative investigation to determine how such an incident could occur. VA has been educating and training employees to use best practices in data security since the data breach last May.
'We have made considerable progress, but establishing a culture that always puts the safekeeping of veterans' personal information first is no easy task. This unfortunate incident will not deter our efforts, but it underscores the complexity of the task we have undertaken,' Nicholson said.
Mary Mosquera is a reporter for Federal Computer Week.