VA chief says laptop with vets’ data recovered
Nicholson says no incidents of identity theft reported since burglary
BREAKING NEWS
By Bob Sullivan
Technology correspondent
MSNBC


Updated: 11:24 a.m. ET June 29, 2006
WASHINGTON - The missing laptop and hard drive that contained veterans' personal information has been found, Veterans Administration Chief Jim Nicholson announced Thursday.

The announcement came at the beginning of a hearing before the House Veterans’ Affairs Committee hearing.

"It was confirmed to me by the deputy attorney general that law enforcement has in their possession the ... laptop and hard drive," Nicholson said in a statement at the hearing. "The serial numbers match."

Experts were conducting forensic tests on the laptop and hard drive, Nicholson said. It was not immediately clear if the data on the equipment had been copied or compromised, but Nicholson said "there is reason to be optimistic."

He did not say how the equipment was recovered, on where it's been during the past two months. The equipment was found Wednesday; Nicholson said he wasn't aware of any arrests made in connection with the incident.

An FBI spokesman said the laptop computer was recovered "in the area," but could not provide more specific information. Forensics tests showed "the sensitive files were not accessed," according to special agent in charge Bill Chase.

In early May, the computer equipment was stolen from a VA employee's home. The agency revealed the theft two weeks later. The news has spurred criticism of the agency's computer security procedures.

The announcement was a surprise at the hearing, which was intended to examine the government's treatment of sensitive data.

Even after the announcement, Rep. Bob Filner (D-Calif.) was still critical of the agency.

"The intention seems to be to blame all of this on one guy," he said. "But he had permission to download the data. He had help downloading the data."

The Associated Press contributed to this report.


© 2006 MSNBC

July 10, 2006

Laptop returned, but VA problems persist
More instances of missing data come to light

By Rick Maze
Times staff writer


The surprise announcement that an informant turned over to the FBI stolen computer equipment containing personnel information for about 28.7 million military members and veterans has not ended the controversy over data security at the Department of Veterans Affairs.

VA Secretary James Nicholson announced June 29 that a laptop and data storage devices stolen in a May 3 robbery from the Maryland home of a VA employee had been recovered, with indications that the personnel records had not been copied or compromised.

But just minutes later, Nicholson admitted to the House Veterans’ Affairs Committee that other unannounced instances of missing personal data have cropped up recently.


In May, for example, a backup disc containing legal records of about 16,538 veterans was reported missing in Indianapolis. And last year in Minneapolis, a computer containing personnel information on about 60 veterans was stolen from the trunk of a rental car.

In both cases, veterans whose information is missing and possibly compromised are being individually informed, Nicholson said.

In the Minneapolis case, the VA employee whose laptop was stolen never reported the theft. Higher authorities were never notified until two veterans who were patients in long-term care facilities reported their identities had been stolen and postal inspectors began investigating, Nicholson said.

The fact that the theft of the laptop containing the names, Social Security numbers and birthdates of 26.5 million veterans and 2.2 million active-duty, National Guard and reserve members was not an isolated case, but rather part of a pattern of data security problems, is reason to demand action, said Rep. Steve Buyer, R-Ind., the veterans’ committee chairman.

Buyer said the full list of data breaches by the VA is much longer and still incomplete.

He said he is particularly keen to get VA to restructure its information technology offices and create tighter oversight, especially because VA information security problems have been known for years, with little action taken until now.

One thing the recent cases show, Buyer said, is that VA needs to create a climate in which employees feel they can come forward to admit data are missing without fear of being disciplined or fired, because that fear “has a chilling effect” on employees’ willingness to talk about theft or loss.

In the Maryland case, the employee who had taken home the laptop that may have contained personal data on 28.7 million past and present service members quickly reported the theft, but his superiors did not. Nicholson was not informed until several weeks later.

Apparently not accessed

Nicholson cited an FBI statement that said a “preliminary review of the equipment by computer forensic teams determined that the database remains intact and has not been accessed since it was stolen.”

A more thorough examination, expected to take three to five weeks, is underway. But with no indications that anyone’s identity had been stolen since the May 3 laptop theft and with the preliminary examination by the FBI, Nicholson said “there is reason to be optimistic.”

“This is a very positive note in a very sad saga,” he said.

He admitted mistakes and promised a shake-up of computer security and VA’s entire information technology structure.

“I am convinced that coming out of a very bad situation, we can make the VA a model for data security,” he told the House committee. “This theft … has been a wake-up call to all of us.”

Sen. Larry Craig, R-Idaho, the Senate Veterans’ Affairs Committee chairman, said he hoped recovery of the laptop and storage data means the VA will not have to spend $160 million requested June 28 for credit monitoring services for the 28.7 million people whose personal information was stolen.

Others, however, are not so sure. Buyer said the additional data losses show why credit monitoring is needed, although perhaps on a smaller scale.

Sen. Daniel Akaka of Hawaii, ranking Democrat on the Senate veterans’ committee, said the VA should err on the side of caution and “continue to pursue a contract … to provide identity theft detection of the affected records. We must be vigilant to detect if anyone’s personal information has been compromised.”

Ellie

personnely this whole senerio stinks to me, man takes puter home, mans house gets broken into,millions of veterans imfo is on puter,big lawsuit is brewing, Our FBI finds lil puter(but cant stop terrorist),now saying will take 3-5 weeks of studying puter records,senators want better ID theft protection.Hhhhmmmmm sumbtin is fishy to meeeeeee !!!

:mad: :!: Why are people in the VA allowed to take "laptops" home in the first place? Surely someone with higher authority has to know, wouldn't you think? Shoot, how much more will it take to get this mess straightened out? I hope too that they won't have to spend 128mil for Vet's credit stuff, when that money could be spent on doing something better for Veterans. This has to stop. Something has to be implemented where "NOBODY" is allowed to take any Vet's info out of the VA'S. How hard would that be? I hope what the Secy. said will come to pass. SF

Why does any veterans information what so ever have to be on a laptop thats my question.. it should remain at the hospital on a main Computer only, not on anyones lap top thats the buttom line...

hrscowboy
Your veteran info is not only medical but the benefits, cemetary, education and loan departments of the VA have it too.
We are not talking about medical records. Only VA data related to dates of service, branch, address, date of birth, etc...

Please tell me that no one here took work home with them? The guy who had his laptop stolen was allowed to do so. He had a position that demanded working more than 40 hours a week. It was just bad luck that the laptop was stolen.

hrscowboy
Your veteran info is not only medical but the benefits, cemetary, education and loan departments of the VA have it too.
We are not talking about medical records. Only VA data related to dates of service, branch, address, date of birth, etc...

Please tell me that no one here took work home with them? The guy who had his laptop stolen was allowed to do so. He had a position that demanded working more than 40 hours a week. It was just bad luck that the laptop was stolen.



Cas ! are you defending this guys actions,you cant be serious.Like I stated before,theres something really fishy about this whole story.Just seems funny to me that they were talking a lawsuit and something in the effect of compensating each veteran with $1000 greenbacks and all the sudden the FBI gets the lil blackbox back but they have to study it for 3-5 weeks, where/how did they come up with that # anyway.Just my opinion.SF