BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Stolen VA Laptop Contains Personal Data

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 14 May 2010 22:37:23 -0400
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=224800060&cid=RSSfeed_IWK_News

The theft of the laptop containing Veterans Administration data
highlights the challenges of managing cybersecurity on devices
belonging to contractors.

By J. Nicholas Hoover
InformationWeek
May 14, 2010 03:46 PM

The Department of Veterans Affairs has suffered another possible
breach of private data as a thief recently stole an unencrypted laptop
that had held the social security numbers and other information of 616
veterans.

Although the VA hasn't found evidence that the data itself has been
breached, the theft of the laptop, which was owned by a contractor and
not the VA, highlights organizations' need to work closely with
contractors on cybersecurity issues.

That need was also spotlighted last year when reports emerged that
hackers had stolen sensitive data about the Pentagon's $300 billion
Joint Strike Fighter's electronics systems that had been hosted on
contractors' networks.

"We would like to express our deepest concern about the continued use
of unencrypted devices within VA, despite the ongoing efforts to stop
such use," Rep. Steve Buyer, R-Ind., the ranking minority party member
of the House of Representatives' committee on veterans affairs, wrote
in a May 12 letter to Shinseki, hinting at the fact that all devices
connecting to VA networks -- even contractor laptops -- are required
to be encrypted.

A seven-month cybersecurity review undertaken last year at the behest
of VA secretary Eric Shinseki found that more than 28% of the VA's
vendor contracts were missing required clauses about information
security, and contractors on 578 contracts actually refused to sign
the clauses.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: