[ISN] VA reports new data loss

From: InfoSec News (alerts@private)
Date: Thu Oct 12 2006 - 02:01:03 PDT


http://www.fcw.com/article96431-10-11-06-Web

By David Hubler
Oct. 11, 2006

As another instance of data loss at the Department of Veterans Affairs 
comes to light, the VAs Office of the General Counsel (OGC) has awarded 
a contract to Identity Force for identity theft protection services for 
more than 5,700 citizens, 660 of whom were veterans.

The number of individuals who enroll in this opt-in program will 
determine the value of the contract, Identity Force said in a statement.

The contract is the result of a May 8 incident in which a backup data 
tape was reported missing from the general counsels regional office in 
Indianapolis, Ind., said VA spokeswoman Jo Schuda.

She said the missing data contained mostly legal records dating back to 
the 1970s. Along with the legal issues there were attorney work 
products, she said. The data contained entries for any kind of legal 
cases that the attorneys worked on, not necessarily veterans.?

The office sent notification letters this summer to as many of the 
individuals involved as possible, she said. But they couldnt find 
complete addresses for some because of the age of the cases, Schuda 
added. About 2,000 of the more than 7,000 individuals were deceased.

There is no indication any of the affected individuals have suffered 
problems as a result of this missing tape, but in order to be doubly 
sure we have also purchased the services of ID Analytics to perform data 
breach analysis in order to detect any organized misuse of these data, 
according to a statement OGC issued today.

Schuda said she did not know if the tape was lost or stolen and whether 
it has been recovered.

The incident occurred the same month that a VA laptop PC and disks 
containing personal information on 26.5 million veterans were stolen 
from an employees home. The FBI later recovered the computer with no 
signs that personal data had been compromised.

In August, a laptop containing insurance claims data on about 20,000 
veterans who were treated at the Pittsburgh and Philadelphia VA medical 
centers was stolen from the Unisys office in Reston, Va. Unisys was 
under contract to track the claims.

As a result of those incidents, VA Secretary Jim Nicholson established 
the VA information security program, setting standards for accessing 
information systems and requiring officials to report compliance 
failures or policy violations immediately. He also ordered annual 
cybersecurity and privacy awareness training for all VA employees.

Identity Force said that under the terms of the contract, the 
Framingham, Mass.-based company is providing the following services:
    
* Online and toll-free access for individuals to enroll in the Credit 
  Monitoring Services program.
    
* Automatic daily monitoring of Equifax, Experian and TransUnion credit 
  bureau reports.
    
* Alerts of any key changes to credit reports.
    
* On-demand personal access to credit reports and scores.
    
* Dedicated fraud resolution representatives available to counsel and 
  assist victims of identity theft.
    
* A $20,000 identity theft insurance policy.

Identity theft is the fastest growing crime in the United States, and we 
applaud the VA for implementing a response to protect people potentially 
affected and to detect attempts to use the lost data to commit fraud, 
said Judy Leary, president of Identity Force, in the statement.

This contract is a perfect example of how the federal governments new 
blanket purchase agreement for identity theft and credit monitoring 
services helps government agencies develop rapid responses to data 
losses or security breaches, she said.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Thu Oct 12 2006 - 02:06:15 PDT