Posted on May 23, 2006

Security Focus reports in part:

“The U.S. government warned on Monday that a database containing sensitive information about veterans and their families had been stolen, after an employee violated policy and brought the data home.”

Several things jump out at me about this.

First, and most obvious, the fact that 26.5 million identities are now exposed, mine included.

Second, the only reason the VA knew this data was exposed was that the “analyst” reported the burglary to the VA. I can’t imagine his horror after realizing what had happened. I’m hoping he also kicked himself for bringing it home in the first place. Here’s hoping he at least had it encrypted somehow, but I’m not holding my breath.

Third, in their statement, the VA says this “analyst” didn’t have authority to take this home. The VA must be the most trusting Federal Agency in government. Makes you wonder what their internal security looks like. Hey VA! Ever heard of a VPN? If you are going to let these people tinker with this information, then at least force them to do so over an encrypted channel and leave the data where it lives.

This kind of thing makes me want to get even more draconian with my users.

One Response to “VA Infosec nightmare”

  1. SingleMind Says:

    What the hell was he doing with all that information on a laptop?

