Gaping Security Breaches

The big news this morning should be the theft of a laptop computer carrying sensitive personal information for 26.5 million veterans, including Social Security numbers and other personal identifying information.

That would be troubling enough.

The person from whom the laptop was stolen was not authorized to take this information home in the first place.

How many other instances have we seen classified or otherwise sensitive information taken home by high ranking government employees or CIA Directors only to have them lose, steal, or mishandle such information?

A career data analyst, who was not authorized to take the information home, has been put on administrative leave pending the outcome of investigations by the FBI, local police and the VA inspector general, Nicholson said. He would not identify the employee by name or title.

"They believe this was a random burglary and not targeted at this data," he said. "There have been a series of burglaries in that community. . . . There is no indication at all that any use is being made of this data or even that they know that they have it." Nicholson said affected veterans include anyone discharged after 1975 and some of their spouses, as well as some veterans discharged before then who submitted a claim for VA benefits.

The theft represents the biggest unauthorized disclosure ever of Social Security data, and it could make affected veterans vulnerable to credit card fraud if the burglars realize the value of the data, one expert said

...

Democrats on the House Veterans Affairs Committee issued a statement calling on the department to restrict access to sensitive information to essential personnel and to enforce those restrictions. "It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," the statement said. Sen. Larry E. Craig (R-Idaho), chairman of the Senate Veterans Affairs Committee, said his panel will hold hearings on information security at the department.

Yes, good questions. But why does it wait until after a problem to conduct hearings and investigate. Congress is supposed to provide oversight on a continual basis and watch out for potential problems before they mushroom.