Friday, July 14, 2006

The Latest Mea Culpa from the Veterans Affairs Office


As if losing the information for 26.5 MILLION US “Veterans” wasn’t enough - The VA is slowly and eventually explaining how and why this breach happened...well sort of.


Secretary Nicholson announced that the data had been stolen on May 22, 2006, but neglected to tell the American public that they learned of the breach happened a full thirteen days before the public announcement. He also left out some other crucial details as we will see later in this blog.


When the public outrage exceeded their expectations, the VA initiated their own investigating while having the audacity to highlight their “Innovations in American Government Award” for their model system of electronic health records. Talk about hutspa! To simultaineously promote the same electronic medical record system that lead to the violation of millions of Veterans and their families as a model of efficiency resulting in high patient satisfaction is a disgrace to those that got the short end of the stick when it comes to the VA’s data security system.


The first official response from the VA was to post a “We’re Sorry” page on their website titled - “Veterans Affairs data security issue” with a simple announcement:


    The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation. Still being paid, but on “Administrative Leave”.

    The Secretary of Veterans Affairs R. James Nicholson has briefed the Attorney General and the Chairman of the Federal Trade Commission, co-chairs of the President's Identity Theft Task Force. Task Force members have already taken actions to protect the affected veterans, including working with the credit bureaus to help ensure that veterans receive the free credit report they are entitled to under the law. Additionally, the Task Force will meet today, 22 May 2006, to coordinate the comprehensive Federal response, recommend further ways to protect affected veterans, and increase safeguards to prevent the reoccurrence of such incidents.

The first response was to protect Credit Reports and offer free credit monitoring? Shouldn’t they be worried about National Security and the lives of our serving men and women or their families? Hold on - the rabbit hole gets deeper...


This is an excerpt from the first letter that was sent to the US Veterans by the VA -


Dear Veteran:



The Department of Veterans Affairs (VA) has recently learned that an employee took home electronic data from the VA, which he was not authorized to do and was in violation of established policies. The employee’s home was burglarized and this data was stolen. The data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. As a result of this incident, information identifiable with you was potentially exposed to others. It is important to note that the affected data did not include any of VA’s electronic health records or any financial information.


With the above information, I could find out everything there is to know about you including what you had for lunch yesterday. Credit card records, banking, brokerage accounts, home loans, everything is tied to three primary national credit reporting databases that are relatively easily accessible.


The VA set up a hotline for affected Veterans, Servicemen and their SPOUSES to call and get more information on the breach and how to protect their credit. Protecting their credit should be the least of their worries. Read on and you’ll see why.


On June 3, 2006, the VA had this to say -


(The) VA has learned through its ongoing analysis of the data stolen on up to 26.5 million individuals, and in discussions with the Department of Defense, that private information – the names, Social Security Numbers and dates of birth – on certain National Guard and Reserve personnel who are on at least their second federalized active duty call-up could potentially be included. The number of those potentially affected is believed to be between 10,000 and 20,000.


Additionally, private information – the names, Social Security Numbers and dates of birth – on some active duty U.S. Navy personnel may be involved. This could potentially include members of the U.S. Navy who remain on active duty and completed their first enlistment term prior to 1991. Working with the Department of Defense, VA has determined this group likely consists of between 25,000 and 30,000 individuals.


We found out later that not only was prior Veterans information included, but current service members information was also included in the data on an unsecured drive. But wait - the story gets even more interesting ...the numbers just don’t add up!



Imagine the horror of having identifying information including names, addresses social security numbers, and dates of birth and even disability and medical information of every single soldier and veteran in the hands of Al Qaeda. Why fight an war in Iraq or Afghanistan against an armed foe when you have access to their unarmed families here in the USA and can pick them off at will with a sniper in the shopping center parking lot?


On June 6th, the VA released another “Gem” by way of a website release - “Secretary of Veterans Affairs R. James Nicholson today announced that data stolen on 26.5 million individuals included information on more active-duty military personnel than initial findings indicated.”



VA announced over the weekend that information on some active-duty personnel were among the data stolen on up to 26.5 million individuals. Initial findings from VA and the Department of Defense indicated the personal information on approximately 50,000 active duty, National Guard and Reserve personnel may have been involved.


As the two agencies compared electronic files, VA and DoD learned that personal information on as many as 1.1 million military members on active duty, 430,000 members of the National Guard, and 645,000 members of the Reserves may have been included in the data theft.


This information is pulled from the VA’s own website. They proudly state:


On July 21, 2005, VA celebrated its 75th Anniversary. It had grown from the Veterans Administration with an operating budget of $786 million serving 4.6 million veterans in 1930 to the Department of Veterans Affairs with a budget of $63.5 billion serving nearly 25 million veterans today.

According to Pentagon numbers there are approximately 1.5 Million troops currently serving in the armed forces. If we take both numbers and add them together we come up with - - - 26.5 MILLION, which just happens to be the magic number of the records that were on the disk.


This means that the personal information of potentially EVERY SINGLE Veteran AND current Active Duty military members was exposed to a security breach and potential public distribution, even to our enemies through purchase on the “very real and readily available” illicit market of personal data.


There has been enough fertilizer in the responses from the leadership at the VA to cover the lawns of all 26.5 million victims. And they are still covering up and minimizing the potential damage to every American Citizen and our communities.


Imagine the horror of having identifying information including names, addresses, social security numbers, and dates of birth and even disability and medical information of every single soldier and veteran in the hands of Al Qaeda. Why fight an war in Iraq or Afghanistan against an armed foe when you have access to their unarmed families here in the USA and can pick them off at will in the shopping center parking lot? Do not be complacent enough to think that our enemies have not thought about this as a tactic and the fact that the US Government didn’t even think about warning the families or Veterans about this probable outcome of the data breach is unforgiveable.


Every single American citizen and especially the military community should be screaming at the top of their lungs and mad as hell over this blatant stupidity and complete disregard for the law, our soldiers and their families safety and the internal data security. Now the FBI has announced that they have recovered the laptop and that it has a “high degree of confidence” that the sensitive files were not accessed or compromised. Somehow I don’t have a “high degree of confidence” in their findings. I do have however a “high degree of confidence” that they want to sweep this under the rug as quickly as possible.


The new slogan of the US Government Portal Site is “Expect More” and from the above outline, it seems they are delivering on that promise - more information every day - more obfuscation, deceit, cover-ups and comprimizing of our National Security!


Heads should roll at the VA, Pentagon and every other agency involved with this national disgrace.



In another program of self-congratulations and incestuous gladhanding, a new government initiative that rates government agencies even rated the Department of Veterans Affairs as PERFORMING MODERATELY EFFECTIVELY.


“A program rated Moderately Effective has set ambitious goals and is well-managed.”

Well Managed? Moderately Effective? Yeah, Right.


Laptop Computer - $1500.00, External Hard Drive - $300.00, Total Budget - $63.5 Billion, One Data Analyst putting ALL of our Soldiers, Veterans and their Families at risk with blatant stupidity - Priceless!

No comments: