VA Computer Stolen: 26.5 Million Veterans’ Personal Information at Risk
In a much publicized manner, the world was informed in the summer of 2006 that a Department of Veterans Affairs employee’s laptop was stolen. That hard drive contained the names, birth dates and Social Security numbers of 26.5 million veterans. This was the largest information security breach in the history of our government. The person who stole the laptop took it in a routine burglary and apparently did not know what was on it and thankfully never improperly used the data. Amazingly, the thief contacted authorities to turn the laptop over. In 2009, the VA agreed to pay $20 million to settle a class-action lawsuit on behalf of the men and women whose personal data was on the laptop.
Have the VA’s Measures to Protect Personal Information Improved?
As it has been more than seven years since the theft, you would hope that the VA would have beefed up efforts to secure veterans’ personal information. However, recent developments suggest you may still have reason to worry about the VA protecting your identity. It seems that the VA has done little recently to address Congress’ concern about the safety of personal data. Recent concerns stemmed from a December 2012 report that indicated that veterans near military bases in Alaska, Colorado, Kentucky, New York and Ohio are at a higher risk for identity theft than non-veterans in the same areas. The House Veterans Affairs Committee caught wind of this report and ramped up pressure on the VA to show how it was protecting the data.
In July, members of the House and Senate Veterans Affairs committee met with Homeland Security and VA IT executives. The VA representatives would not directly answer the question: “How many times has VA’s systems been hacked within the last year?” This supposedly led to some committee members walking out of the meeting after not getting a straight answer. The committee, though, refuses to confirm this to be true.
The meeting in July was the third such meeting this year about security concerns between the House committee and the VA. Allegations have been made that the VA is taking shortcuts regarding its accreditations and authorizations. The VA’s former Chief Information Security Officer, Jerry Davis, alleges the agency’s process is improper and putting data at higher risk. The aforementioned December 2012 report can only serve to support these allegations. Congress will not let the VA off the hook easily. Expect discussions on this matter to continue.
How to Protect Your Own Personal Information
Credit card fraud is the most common way criminals use stolen identities. Even if you are not in one of the states listed in the report, you should still take precautions. Until the VA does all it can to protect your data, you need to do what you can to protect it on your own. Do not give out personal information over the phone if someone called you. Shred sensitive information before just tossing it in the trash. Monitor your bank statements for any unusual purchases. Use random passwords and PINs for online transactions. Surprisingly, recently discharged veterans are most at risk since they grew up in a world of online banking and shopping, and are not prone to balance a checkbook on a monthly basis because they do not have one. The younger generation is used to doing everything digitally.
You have endured enough fighting for your country. Take easy measures to protect your identity so that you do not have to take drastic measures to get it back.