Monday, May 22, 2006

06: BOHICA Alert


Our wonderful Department of Veterans Affairs has slipped us another one. An employee took a disk containing the social security numbers of over 26 million veterans home (ostensibly to work on it at home) and had it stolen during a burglary of his home.

Here is vital information from
FirstGov:
Latest Information on Veterans Affairs Data Security
The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of VA policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings.

Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General's office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they possess or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.

The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections.
That toll free number is 1-800-FED INFO (1-800-333-4636).

The call center will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed.

Here are some questions you may have about this incident, and their answers.

I'm a veteran. How can I tell if my information was compromised?

At this point there is no evidence that any missing data has been used illegally. However, the Department of Veterans Affairs is asking all veterans to be extra vigilant and to carefully monitor bank statements, credit card statements and any statements relating to recent financial transactions. If you notice unusual or suspicious activity, you should report it immediately to the financial institution involved and contact the Federal Trade Commission for further guidance.

What is the earliest date at which suspicious activity might have occurred due to this data breach?

The information was stolen from an employee of the Department of Veterans Affairs during the month of May 2006. If the data has been misused or otherwise used to commit fraud or identity theft crimes, it is likely that veterans may notice suspicious activity during the month of May.

I haven't noticed any suspicious activity in my financial statements, but what can I do to protect myself and prevent being victimized by credit card fraud or identity theft?

The Department of Veterans Affairs strongly recommends that veterans closely monitor their financial statements and review the guidelines provided on this webpage or call 1-800-FED-INFO (1-800-333-4636).

Should I reach out to my financial institutions or will the Department of Veterans Affairs do this for me?

The Department of Veterans Affairs does not believe that it is necessary to contact financial institutions or cancel credit cards and bank accounts, unless you detect suspicious activity.

Where should I report suspicious or unusual activity?

The Federal Trade Commission recommends the following four steps if you detect suspicious activity:

Step 1 – Contact the fraud department of one of the three major credit bureaus:
  • Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
  • Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, Texas 75013
  • TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

Step 2 – Close any accounts that have been tampered with or opened fraudulently.

Step 3 – File a police report with your local police or the police in the community where the identity theft took place.

Step 4 – File a complaint with the Federal Trade Commission by using the FTC's Identity Theft Hotline by telephone:

1-877-438-4338, online at www.consumer.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.

I know the Department of Veterans Affairs maintains my health records electronically; was this information also compromised?

No electronic medical records were compromised. The data lost is primarily limited to an individual's name, date of birth, social security number, in some cases their spouse's information, as well as some disability ratings. However, this information could still be of potential use to identity thieves and we recommend that all veterans be extra vigilant in monitoring for signs of potential identity theft or misuse of this information.

What is the Department of Veterans Affairs doing to insure that this does not happen again?

The Department of Veterans Affairs is working with the President's Identity Theft Task Force, the Department of Justice and the Federal Trade Commission to investigate this data breach and to develop safeguards against similar incidents. The Department of Veterans Affairs has directed all VA employees complete the "VA Cyber Security Awareness Training Course" and complete the separate "General Employee Privacy Awareness Course" by June 30, 2006. In addition, the Department of Veterans Affairs will immediately be conducting an inventory and review of all current positions requiring access to sensitive VA data and require all employees requiring access to sensitive VA data to undergo an updated National Agency Check and Inquiries (NACI) and/or a Minimum Background Investigation (MBI) depending on the level of access required by the responsibilities associated with their position. Appropriate law enforcement agencies, including the Federal Bureau of Investigation and the Inspector General of the Department of Veterans Affairs, have launched full-scale investigations into this matter.

Where can I get further, up-to-date information?

The Department of Veterans Affairs has set up a special website and a toll-free telephone number for veterans that features up-to-date news and information. Please check this webpage for further updates or call 1-800-FED-INFO (1-800-333-4636).

The VA website mentioned [but not linked!!!!] above has little information of any value.

The Department of Veterans Affairs offers this somewhat insufficient piece from their website:

The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings.

Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General's office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they posses or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.

The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that those veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Veterans can also go to www.firstgov.gov as well as www.va.gov/opa to get more information on this matter. The firstgov web site is being set to handle increased web traffic. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll-free number is 1-800-FED INFO (333-4636). The call center will be open beginning today, and will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed. The call center will be able to handle up to 20,000 calls per hour (260,000 calls per day).

The Secretary of Veterans Affairs R. James Nicholson has briefed the Attorney General and the Chairman of the Federal Trade Commission, co-chairs of the President's Identity Theft Task Force. Task Force members have already taken actions to protect the affected veterans, including working with the credit bureaus to help ensure that veterans receive the free credit report they are entitled to under the law. Additionally, the Task Force will meet today, 22 May 2006, to coordinate the comprehensive Federal response, recommend further ways to protect affected veterans, and increase safeguards to prevent the reoccurrence of such incidents.

The VA's mission to serve and honor our nation's veterans is one we take very seriously and the 235,000 VA employees are deeply saddened by any concern or anxiety this incident may cause our veterans and their families. We appreciate the service our veterans have given their country and we are working diligently to protect them from any harm as a result of this incident.
I do not know about any of you, but I have a far less than fuzzy feeling about this one. I am not pleased by the response from the VA Secretary who thinks the compromise of your (and your spouse’s) health records is more important than the compromise of your name, date of birth, Social Security number, and the Lord only knows what other personal information.

Apparently the Secretary does not get SPAMMED daily by the unscrupulous @ssholes who inhabit the Internet and use just that information listed above to ruin you financially by stealing your identity.

Further, I appreciate that the FBI and the VA’s Inspector General are starting investigations, but I am more concerned that the Virginia (where the burglaqry occurred) State Police and the local police have stepped up their investigation!

I get no such assurances from the Secretary.

And this from the very government agency built to help you.
Absolutely shameful and criminal.


VNVets

“With malice toward none; with charity for all; with firmness in the right, as God gives us to see the right, let us strive on to finish the work we are in; to bind up the nation's wounds; to care for him who shall have borne the battle, and for his widow, and his orphan--to do all which may achieve and cherish a just and lasting peace, among ourselves, and with all nations.” -- President Abraham Lincoln


"Without a decisive naval force we can do nothing definitive, and with it, everything honorable and glorious." --President George Washington

Copyright © 2006: VNVets Blog; All Rights Reserved.

No comments:

Post a Comment