Feb 14 2007
The hard drive stolen from the Birmingham VA Medical Center may have contained personal information on 535,000 people - 10 times the number VA originally estimated, The Birmingham News relates.
The hard drive also may have included data, not all of it sensitive, on about 1.3 million non-VA physicians, both living and dead, Secretary of Veterans Affairs Jim Nicholson said in a statement.
Sen. Richard Shelby was "outraged" by the discrepency in the figures. He said he hoped "it was not meant to mislead the public.
"It is obvious that this incident is much deeper and broader than first announced," he said. "The records of our veterans should be protected at all costs, and the VA must take immediate measures to alleviate this problem and ensure it never happens again."
A continuing concern is the lack of encryption of VA data. Officials said some but not all of the data was encrypted. Rep. Spencer Bachus questioned why the data was not all encrypted.
"It is a continuing source of astonishment and concern that despite numerous VA data breaches, VA records were being stored without encryption," he said. "Encryption of records is an established and routine practice. To have not taken that routine step is bewildering."
The VA is making arrangements to provide one year of free credit report monitoring to people if their personal information is compromised - an offer that outraged ZDNet reader and US Navy vet Michael Baggett. He wrote:
I know that with all of the advancements made in the technological environment have made security a priority, but I think that "providing" the effected veterans one year of free credit protection is absurd. The veterans of this country, including myself, were and always will be willing to forfeit our own lives to protect the well-being of our nation.
In light of the multiple security breaches encountered by the Veterans Administration, "providing one year of credit protection" is as minute of compensation as adding one grain of sand to an eroding beach. This is what our country has to offer in exchange for our offering of our lives? With the “protection offer” now in print, are the hackers idiotic enough to use the information prior to the one-year lapse? Are we (the veterans) all going to be issued new Social Security numbers, military ID numbers and so on? I know the answers are all an unequivocal “No”. I am a Vietnam Veteran and coming home after 4 years of service was no treat. We were in it for the long haul; is America?