Last week the Department of Veterans Affairs (VA) disclosed that a laptop and disks containing sensitive data had been stolen from the home of an employee of the VA in Montgomery County, Virginia. The employee, who had taken the computer and disks home in violation of VA rules, has now compromised the financial data of 26.5 million veterans. News reports indicated that the sensitive data included the Veterans names and social security numbers. This would effectually, give identity thieves the virtual “keys” to the financial lives of millions of American Veterans and their families.
My purpose today isn’t to focus on the irresponsibility of the employee, the lack of internal security at the VA, the punishment for the employee and supervisors at the VA, or the financial ramifications of the potential identity theft. All of this will play out in the days and months ahead.
The best hope for the Veterans is that the thieves didn’t know the significance of the data they have stolen. A CBS report on May 22, 2007 described the May 3, burglary as such: “A long-time Veterans Affairs analyst told Montgomery County, Md., police someone pried open a window, broke into his home during daylight hours and stole a computer, an external drive, and a bag containing computer files.”
Let’s see. Assume that somewhere out there is the thief who stole the laptop. He’s got a bag containing some meaningless computer disks, which don’t excite him whatsoever. Now, after listening to the news reports, he knows he’s got some information that can be sold to identity thieves for a large sum of money! He must be muttering, “Thanks, news media! Yeah, that was me! May 3rd burglary, laptop, external drive, bag with disks! I didn’t know I had anything until the media described the date, location, and exact items stolen in the robbery! Now all I have to do is call 1-800-Identity Thief and I’m a rich man!”
Don’t get me wrong. It was important to notify Veterans that their information may be at risk. However, it was incredibly stupid to disclose the exact circumstances of the robbery so that the thieves would be more likely to damage the affected Veterans.
As I think about the millions of Veterans who may have a compromised financial future because of this robbery, I hope that the information released about the location, date, and items stolen is completely false and misleading. In fact, I hope the government gave out that information as part of a deliberate misinformation campaign in an attempt to reduce the possibility that the thieves would use the data.
It is unfortunate that so many of our loyal Veterans have been inconvenienced. If there were a group that least deserved this, it would be our Veterans. If the reports disclosing the date and details of the robbery are accurate, the only group more irresponsible than the employee who took the data home are those in the media that have further compromised the future of our Veterans. For now, we’ll just have to sit back, cross our fingers, and pray that no damage has been done.