The AM Forum

The news has been reporting the theft of a Veterans Affairs (VA) employee’s laptop computer which contained names, social security numbers, and date of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings.

As I recall, the news has specified the start date as discharges “after 1975” and “1976 on”.  Today in the mail I received the Department of Veterans Affairs warning letter.  I was discharged in November 1974.  So I wonder if the range is wider than previously reported or perhaps the VA is shotgunning somewhat with the letters (does not know).  Of course, November 1974 is only 13 months before 1976.

My letter’s envelope has a return address of Philadelphia, PA.  As I suspected would be necessary, the letter was mailed to my current address with cooperation of the IRS.  There are (2) 8 ½ X 11” sheets, one is a single-page letter from the Secretary of Veterans Affairs, R. James Nicholson.  The other sheet is an “Answers to Frequently Asked Questions” which fills both sides.

I heard yesterday on the news that it believed that the thieves probably wiped the hard drive and then sold the computer to a college student.  So let’s hope the drive was wiped and not copied.

I don't have to worry about that because all my veterans' data was on paper copy, and was destroyed in the fire in St Louis sometime in the 70's.

I received my letter from the VA yesterday. I was discharged December 1972.

Dave
KX9DK

Got mine in the mail today....

There's a little more info on the website they mention in the letter.

The VA is evidently sending everyone a copy.

Not all records were completely lost in the '73 fire....
But of course the IRS has records of everyone who was paid in military service.


Well, as with every scandal, I somehow think there's "more to the story".....
How is it that the very day the employee took home a laptop, it "...just happened to get stolen...."?


We will soon hear a very different story, as soon as the FED covers its collective arses. :o

Apparently the HIGHLY QUALIFIED EXPERTS IN "IT"[/i] [/color]at the VA never heard of a little something called encryption[/i]??

Stuff like that should be encrypted as a matter of standard practice. Period.

I forget what they call it, but the MIT developed encryption standard is all but unbreakable by mere mortals (pretty good something or other?)... it takes the NSA to crack it as I understand. At least they could use that. It would clobber 99.9% of all of these sorts of "accidental losses."

Duh.

Geez... yet another example of bureauocracy at work.

         _-_-WBear2GCR

My Discharge paper says July 16, 1974 and I received the letter also.
I also found a VA card that was given to me at discharge. Seems my command gave my info to the VA and got me a VA card back then automatically for me so both the Navy and the VA had my info. I have never used the VA but I guess they kept everyones info but for the life of me I don't understand why anyone had it on a laptop!
On a main frame I understand but on a laptop? Wonder how many more laptops at the VA have this info on them?
Speaking about that fire, I recently requested a copy of my Military records and I got everything. Nothing was lost. Even the papers I signed at the recruiting center in 1968 where there as were every visit to sick bay even the one where I complained of crotch rot. How embarassing!

Regards
Q, W1QWT

From the following gummit web page "Latest Information on Veterans Affairs Data Security" :

    http://www.firstgov.gov/veteransinfo.shtml

“What action has been taken against this employee or his supervisor?

The employee is cooperating fully with the investigation. The employee was initially placed on administrative leave, and VA is implementing procedures necessary to dismiss the employee.
Also, the official responsible for the organization in which this employee served has resigned his position because of the events.”

Was the employee forced to do "homework"?.....  klc

You are absolutely right Bear. I can't belive they don't encrypt the information on the disc. And there is little excuse not to. They can't even argue that they didn't have enough money. There are several programs that will encrypt the entire disc or just parts of it and several of them can be gotten for FREE.

Furthermore, was this information backed up ?? It seems like "back up" is something they never heard of as well.

That would be PGP, Pretty Good Privacy. A little dated now, but still pretty good. The Advanced Encryption Standard (AES) is the way to go now. You can also buy 'file vault' type hard drives with built-in encryption. It's all transparent to the user - they access, read and write to the HD as they would with any other drive. Except all write's are encrypted and all reads are decrypted. Most newer operating systems offer file and total drive/partion encryption too.

You don't want to use any of the free stuff. Everybody knows its written by communists plotting the downfall of capitalism...

Besides if a defence dept employee lost a laptop with encryption sotware on it, wouldn't that equivelent be losing to losing munitions?
                                                                    Ian VK3KRI

It's a violation of the rules to remove sensitive information from US Government premises to begin with, so what makes you guys think the offender would use encryption?

JN,

It's not the question of what the employee would or would not do, it's a question of basic policy by the government.

Lessee, it would take me maybe 5 mins tops to remove a HD from the typical desktop...

All of the data ought to be encrypted, imho.

As far as your coment JH, losing the disc that is/was encrypted does not transfer the encryption algorithm nor the key(s) to the "finder." So, no - it would not be the same as losing munitions, something, but not the same.

               _-_-WBear2GCR

The basic policy by the government is it mustn't be removed from US Government premisis.   Not sure what we'd be gaining by requiring it to be encrypted, that would be rather a wink to the employees to go ahead and take it home anyway.  Anyone ignoring the one (most important) rule sure ain't gonna follow the second rule.

Mmmm... have not received a letter yet. I was discharged in July of 1977, wonder what's up with that? I love the "talk" in the halls of congress about setting up a fund to assist veterans who become victims of identity theft. Be a nice way for them to create another layer of bureacracy for us to dialogue with...

Rob WB1AEX

Rob,

I talked with a ham friend today who received his warning letter several weeks ago.  He was discharged in 1971.  This is the earliest discharge date I have heard of so far to receive the letter. 

The VA may be working through their database by discharge date.  I was discharged in November 1974 and received my letter this past Saturday.  Also could be by numerical order of SSN, or by discharge address regions.  It does not appear to be alphabetical by last name.

The proficiency of your current regional IRS office is probably a factor too.

The term identity theft is way over used and quite incorrect. It would be rather hard to steal someone's actual identity (since that is defined by things that can't be stolen). What is being called identity theft these days (mostly because of hyped up reporting) is really fraudulent use of credit cards, SSNs or drivers licenses (identifying documents or tokens). Fraud is as old as mankind. The way it's being done changes with the times.