Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

U.S. Service Personnel Data Stolen

Posted by samzenpus on Wed Jun 07, 2006 09:06 AM
from the good-move dept.
Security United States
BStrunk writes "I was reading the news this morning on Reuters, when I stumbled across this article: U.S. Service Personnel Personal Data Stolen In the article, an official violated policy by taking the detailed personal information of thousands of active and reserve troops to his personal home, storing it on a personal computer, that was later stolen. In an age where domestic phone calls are monitored, a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer? Doesn't that seem strange to you? This is a real failure, in my opinion, in government protection of its citizens. Layers of encryption and protected access was successfully bypassed to make the theft of this information as simple as stealing a home pc. Now, not only do service personnel currently serving have to worry about IEDs and being fired upon, but they are now subject to possible identity theft. A real failure. After this, how could one have faith enough to serve an inept institution?"
+ -
story

Related Stories

[+] Stolen VA Laptop Recovered 202 comments
lancejjj writes "Remember how the VA was pinning the theft of 26.5 million veterans' personal records on a hard working-but-renegade employee whose laptop was stolen? Surprise! It turns out that the employee had written permission to bring the sensitive data home. Fortunately, the laptop has been recovered. It is still unclear how the laptop was recovered, or if any of the veterans' personal data was leaked."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

U.S. Service Personnel Data Stolen 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Strange question (Score:3, Insightful)

    by stupidfoo (836212) <strictfoo-ignorant&yahoo,com> on Wednesday June 07 2006, @09:10AM (#15486917) Homepage
    After this, how could one have faith enough to serve an inept institution?

    Why do we need all the editorializing in the blurb? And the troops don't serve an institution.

    • Re:Strange question (Score:5, Funny)

      by thrillseeker (518224) on Wednesday June 07 2006, @09:17AM (#15486983)
      After this, how could one have faith enough to serve an inept institution?

      Why do we need all the editorializing in the blurb?

      You must be new here.

    • Re:Strange question (Score:5, Insightful)

      by Anonymous Coward on Wednesday June 07 2006, @09:22AM (#15487020)
      I agree, rants and opinions belong in posts, informative summaries belong on the main page. I don't go to slashdot to get raved at by someone who doesn't understand the difference.

      That being said, I agree this was a failure, but not of the U.S. governemnt. This was a failure by the analyist who didn't feel it manditory to follow the rules. Every good sercurity measure begins and ends with trust. The Office of Veteran Affairs was betrayed just the same as everyone else in this instance.

      • Re:Strange question (Score:4, Insightful)

        by Herkum01 (592704) on Wednesday June 07 2006, @10:04AM (#15487348)

        The Office of Veteran Affairs was betrayed just the same as everyone else in this instance

        I call BS, Veteran Affairs has consistently been given low grades in security. It goes back to a culture of "I don't give a damn". As long as the agency is not punished, publicly or privately, you can bet it will happen again.

        • Re:Strange question (Score:5, Insightful)

          by RingDev (879105) on Wednesday June 07 2006, @10:19AM (#15487469) Homepage Journal
          I call shenanigans on your BS. You can't pin this down on just the VA. As a former member of the military who worked in HQ MC and the Pentagon, I can assure you that given the proper motivation of any worker, this information could be leaked/stolen/sold.

          In this case the fault was negligence. The laptop should have had an encrypted hard drive. The consultant should not have taken the data home. But if the consultant shouldn't have taken the data home, why was he given a laptop? There were many mistakes made in this process, and those same mistakes are made throughout the government and private sector. The VA has no special claim on incompetence.

          -Rick
      • In response to the "rant" on the main page:

        1. These were military personnel right? Referring to them as "American Citizens" is a stretch. Don't get me wrong. Hats off to our enlisted troops, but once you join the military you give up massive rights that a normal citizen has.

        2. My dad served in the army, and from my understanding, it is anything but "intelligent." "Army Intelligence" was referred to as an oxymoron....

    • Excuse me? (Score:5, Informative)

      by vivin (671928) <vivin DOT paliath AT gmail DOT com> on Wednesday June 07 2006, @11:08AM (#15487903) Homepage Journal
      Now, not only do service personnel currently serving have to worry about IEDs and being fired upon, but they are now subject to possible identity theft. A real failure. After this, how could one have faith enough to serve an inept institution?"

      I'm in Iraq right now. Yes, we have to deal with IED's and being fired upon. And yes, having to worry about this isn't all that great either. But that has absolutely nothing to do with "serving an inept institution" as you call it. We don't serve an institution. We serve in the Armed Forces of the United States. I serve in the Army, and I don't think that the Army is inept. This isn't a failure of the US Army as a whole, but it was due to the indiscretionary act of one person. He violated OPSEC (Operational Security) and he had no business taking sensitive information into his personal computer. This is HIS fault, and I hope he gets prosecuted to the fullest possible extent under the UCMJ. So please, like the parent said, no editioralization is necessary. We serve because we took an oath. We serve because we are professionals. We serve because words like Loyalty, Honor, Duty and Courage mean something to us. It doesn't mean that it means nothing to a civilian. But I hate it when people assume we are nothing but mindless drones. I, personally, try to keep politics away from the military. Which is why I don't endorse any side of political debate, when speaking as a soldier. I'm here to do a job, and I'm here as a professional.

      Sorry for going so far off-topic.
      • This isn't a failure of the US Army as a whole, but it was due to the indiscretionary act of one person.

        If one person can do this kind of damage, then the problem is with the system, not just that person.

  • This happens all the time unfortunately. People's stupidity can circumvent and electronic security measures. But I'd rather have my identity stolen than my legs blown off by an IED.

    http://psychicfreaks.com/ [psychicfreaks.com]

    • a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer? Doesn't that seem strange to you. This is a real failure, in my opinion, in government protection of its citizens. Layers of encryption and protected access was successfully bypassed to make the theft of this information as simple as stealing a home pc.

      This happens all the time unfortunately. People's stupidity can circumvent and electron

  • The burglary from the employee's home in Aspen Hill, Maryland, involved a laptop computer with an external disk drive, officials have said.

    2 things...
    1.) Wouldn't stuff this sensitive be encrypted if it's sitting on an external disk drive?
    2.) Is there some sort of conspiracy going on? With the terrorist arrests in California and Canada? Perhaps somebody is planning something big ... and it starts by gathering all the personally identifiable information they can get on us citizens? (first the vets data

  • Since you are reposting 3 week old news (Score:4, Informative)

    by hsmith (818216) on Wednesday June 07 2006, @09:11AM (#15486933)
    You could at least post the update that the Vet's are now suing the VA [baselinemag.com].

    • The original event, the 26.5 million veteran records, may be old news, but now that has widened to encompass 2.2 million active members of the military, so this is hardly 3-week-old news. What it points to is a systemic problem -- why can't people keep sensitive data safe? The discussions here on Slashdot have gone on and on, with the consensus being that it seems stupid not to encrypt data, given the widespread availability of decent encryption software.

      If anything, this is going to prove a blow to the i

  • More Than Identity Theft (Score:4, Insightful)

    by foo fighter (151863) on Wednesday June 07 2006, @09:12AM (#15486935) Homepage
    There's a real fear that this includes classified disability info.

    If that info gets on the web, an employer googling a potential employee's name may see that candidate has, for instance, post-traumatic stress disorder (PTSD) and decide not to hire them. It's currently illegal to discriminate like that, but there's no way anyone will ever know in this hypothetical situation.
    • New, from the makers of HIPPA -- Unsecured Information Fun! It's absurd to think that a "Veterans Affairs data analyst who had violated official procedures by taking the data home" caused millions of people to be at risk for ID theft or worse. It's 2006 -- he is an alleged data analyst, meaning he should know the risk of unsecured data. 1) he broke office procedure by taking the data home, 2) he left the data completely unsecured on a computer in his home. If this happened at a health-insurance-industry

  • From the "Fine Tooth Comb" department (Score:4, Informative)

    by SomeoneGotMyNick (200685) on Wednesday June 07 2006, @09:12AM (#15486936) Homepage Journal
    This is in addition to the identifying data of millions of Veterans stolen in the same event. They originally reported only Veteran data. Now it seems it contains active duty soldier info as well.

  • Ever vigilant (Score:3, Insightful)

    by Rob T Firefly (844560) on Wednesday June 07 2006, @09:13AM (#15486946) Homepage Journal
    TFA: Bryan Whitman, a Pentagon spokesman, said, "We want to encourage service members to be vigilant and carefully monitor their personal information and any statements related to recent financial transactions."

    Great, as if they didn't have enough to deal with. I can just picture some soldier under mortar fire in Iraq, trying to load a rifle with one hand while juggling a cellphone on hold with American Express in the other hand..

  • Personal information on about 2.2 million active-duty, National Guard and Reserve troops was stolen last month from a government employee's house, officials said on Tuesday in the latest revelation of a widening scandal.

    The Department of Veterans Affairs said the information, including names, Social Security numbers and dates of birth, may have been stored in the same stolen electronic equipment that contained similar personal data on 26.5 million U.S. military veterans.

    Same crap, different day. The

  • And in other news (Score:4, Insightful)

    by porkchop_d_clown (39923) <porkchop_d_clown@@@mac...com> on Wednesday June 07 2006, @09:14AM (#15486956) Homepage
    Slashdot notices a month-old scandal.

    Thieves steal personal data of 26.5M vets [belleville.com]

    Theft of Data Leads to Firings [washingtonpost.com]

  • Official Use Only Information (Score:5, Informative)

    by goombah99 (560566) on Wednesday June 07 2006, @09:14AM (#15486965)
    The information is not classified, it's Official Use Only, which is a form of protected information. Personell records are usually, in part, execmt from freedom of information act requests, so they may enjoy a slightly higher level of protection than ordinary OUO.

    However, nearly every govenrment computer in existence includiung laptops has gobs of OUO information on it. It's not encrypted because it's not that sort of information. It's just controlled dissemination. That does not mean it might be harmless to release it but it's way below classified.

    It is not alarming the people occasionally accdentally disseminate or lose control of OUO. Employees are simply expcted not to do so wilfully or wantonly or carelessly. Its even permissible to share OUO with people outside the governemnt if the employee thinks it would be useful to do so. The fact that OUO was taken home is not a big deal.

    In this case the only big distinctions are the massive quantity of the information, and the fact that it's personell records which do have higher levels of protection. Apparently it was also policy not to take these home.
    • The information is not classified, it's Official Use Only, which is a form of protected information.

      Apparently not. :/
    • Government control of this sort of information can often be very poor, because there are not business or contractual ramifications.

      I work for the federal government, and I often travel overseas with a government owned laptop. That laptop usually has export controlled (but unclassified) information on it.

      Whenever I do this I have to fill out many forms documenting exactly what is on that laptop. When I asked why, it was "so we know what was on it if you loose it - that would technically be an export, and w

        • This is a case of "no good deed goes unpunished."

          Not keeping records of servicemen's personal data secure is a good deed?

          The guy was working on a project at home "unauthorized", his laptop and usb hdd get stolen, officals grandstand, and he gets fired at age 60 (perhaps without a pension).

          Fuck, I sure hope so. I hope he got fired twice somehow in a bizarre star-trek-ian causality loop. Anyone who would keep confidential data on a computer in a physically insecure location without encrypting it is a fucking moron. Fuck him in his working-at-home ear.

          Perhaps you didn't notice, but the entire federal government got failing grades on their infosec security report card. Are you really okay with that? By making excuses for idiots who cannot see their way to actually protecting confidential data, you are part of the problem.

  • Apples and oranges (Score:3, Informative)

    by operagost (62405) on Wednesday June 07 2006, @09:17AM (#15486980) Homepage Journal
    In an age where domestic phone calls are monitored, a government employee was allowed to walk out of a government installation with the data on thousands of American citizens to store on an insecure personal computer?
    Those are two separate issues. The proverbial apples and oranges come to mind. It's something like saying, "In an age where crackers are trading warez across P2P networks, people are allowed to have CD-RW drives in their computers?"

    Besides, domestic calls are not monitored without a warrant. Do you have a problem with that? Perhaps you are thinking of international* calls to known members of terrorist organizations.

    Doesn't that seem strange to you.
    Is that a question?

    * According to my phone bill, a call made from my house to another country is an international call.

    • "Besides, domestic calls are not monitored without a warrant."

      Depends on what you mean by 'monitored'. Are records of domestic calls being kept and stored in a database for potential future use? You betcha. Is this monitoring? Maybe. I think so.

      And the point that was being made in the editsummary is, AFAICT, that the US government is capable of monitoring domestic phone calls, and willing to brute force the issue with the telcos, but not capable of of preventing this kind of stupid human error.
        • I have a service contract with the phone company relating to those specific calls. I do not have a service contract with the government relating to those specific calls. Due to the history of telephone monopoly in the US, neither I nor anyone else has the ability to demand confidentiality as part of our telephone service contract. The problem is that the government regulates a monopoly where it is in the direct interest of some parts of government to not regulate always in the favor of the citizen.

          As to

  • Do you want trusted computing? (Score:3, Insightful)

    by file-exists-p (681756) on Wednesday June 07 2006, @09:18AM (#15486996) Homepage

    The only way to prevent most of that kind of leak is the infamous trusted computing. How can you prevent somebody to walk out of the building with critical files on his USB key without "secure hardware" ?

  • As a vet, I can say... (Score:5, Informative)

    by blueZ3 (744446) on Wednesday June 07 2006, @09:19AM (#15487005) Homepage
    that most folks who go in the military don't do it to "serve an inept institution" or to serve an insitiution of any kind. Those who are serving for ideological reasons (even if "patriotism" only plays a small part in the decision) believe they're serving the country as a whole and the ideals it stands for. That's why we say "serving our country" not "serving the military."

    Everyone who has been in the service knows that there are always a few idiots up in the higher levels of the chain of command. Also that the civilian employees of the DoD aren't always interested in looking out for the interests of the military personnel that they are supposed to be serving. Dealing with the civilian DoD folks was a constant frustration during my time at Fort Bragg. Not that those folks are all bad, but the service they gave me when I was in the 82nd was second only to the service I get from the DMV -- surly and uncooperative.

    • Those who are serving for ideological reasons (even if "patriotism" only plays a small part in the decision) believe they're serving the country as a whole and the ideals it stands for. That's why we say "serving our country" not "serving the military."

      I understand the reasoning of people going in for ideological reasons, but they're wrong. You are NOT serving your country. Anyone who believes that working for the military is serving their country is only fooling themselves. Over $400B on this bullshi

  • Don't Worry... (Score:3, Funny)

    by dcollins (135727) on Wednesday June 07 2006, @09:21AM (#15487017) Homepage
    Don't worry, this is all fixed now, and can't possibly happen again. We recommend that you not dwell on past history, and move forward into the future. Your private information is completely safe with the government, we've learned our lesson.

    And that goes double for next time, too.

  • Quis custodiet ipsos custodes? (Score:3, Insightful)

    by Medievalist (16032) on Wednesday June 07 2006, @09:22AM (#15487019)


    "Who shall watch the watchers?" --Decimus Iunius Iuvenalis [wikipedia.org]

  • What is this, a Theme Summer? (Score:4, Informative)

    by Doctor Memory (6336) on Wednesday June 07 2006, @09:43AM (#15487169) Homepage
    This follows on to the theft of several laptops worth of corporate employee data. Almost makes me want to open up a consumer credit protection business...

    Ernst & Young lose data on a quarter-million Hotels.com customers [theregister.co.uk]

    Ernst & Young (hey, there is a theme here!) lose information on Sun employees (including then-CEO Scott McNealy) [theregister.co.uk]. Also included were employee records for IBM, Nokia and Cisco.

    Wells Fargo proves it can play the game too [theregister.co.uk].

    And not to be left out, let's not forget Fidelity's loss of 200,000 HP employee records [theregister.co.uk].

    What's scary is that both Fidelity and E&Y audit other companies for security and regulatory compliance (including HIPAA and Sarbanes-Oxley)...

  • False sense of security (Score:3, Insightful)

    by mabu (178417) on Wednesday June 07 2006, @09:59AM (#15487312)
    People are focusing on the transgression of the guy putting this data on his laptop and taking it out of the building. In reality, you can bet the systems he was working on were networked and he could have accessed the data from his home directly. I'm not sure if there is a simple solution to this other than constantly making sure all data is encrypted wherever it is stored.

  • Actual this is great (Score:5, Insightful)

    by portwojc (201398) on Wednesday June 07 2006, @10:02AM (#15487332) Homepage
    Actually this is the best thing that could have happened. A complete failure in a system, potential for identity theft, and involving current/past service men/women. I am one of those by the way.

    Why is this the best thing? Cause when troops are involved national pride actually works and things get done. People will flip out over this and they will finally fix it. Think of the children is first followed quickly by think of the troops. Now maybe they'll put the responsibility where it belongs. Squarely on the shoulders of those companies that deal with credit. Then I'll stop getting those calls for the new service that protects my credit and it only costs $14.95 a month. Make that free and actually go after these thieves instead of what they do now.

  • Service to an inept institution. (Score:3, Insightful)

    by GodInHell (258915) on Wednesday June 07 2006, @10:07AM (#15487372) Homepage
    After this, how could one have faith enough to serve an inept institution?"

    This is a common misstatement made by those who think joining the armed services is about service to the army, or the navy, or the president. Joining one of the U.S.A.'s armed services is about serving your country, not the individuals in control of it. It's about protecting your homeland from invaders. It's about getting a shot at the brass ring of U.S. citizenship through sacrifice. It's about putting yourself on the line for your brother, your friend, your mother, your future, etc.

    When I apply for a job in the states, I do so based on my ability to trust my employer to treat me responsibly. I would refuse a job that didn't pay well, or one where my employment would be degrading or unduly dangerous. Joining any military is a distinctly different sort of employment. It's an inherently dangerous job, one in which you can expect abuse from your employer, rigorous and painful training, and eventual combat duty.

    So, in short, while this article is certainly a sign that our government is abusing our troops, one should honor those who do so despite the obvious risks inherent in service. Rather than wondering who would serve, we should wonder who would treat so poorly those who give so much. We ought (as in a moral ought) to respect and honor those who risk their lives to defend our way of life. We ought (again, moral ought) to hold in deepest revulsion those who abuse them, or send out the troops over petty personal desires and greed.

    -GiH

  • Theft like this is stupid and unnecessary (Score:3, Insightful)

    by Quila (201335) on Wednesday June 07 2006, @10:10AM (#15487398)
    I've done work like this, writing software that works with various sensitive data, millions of records, maybe even one of you, and I've done it from home.

    However, my set of data was real data that was obfuscated, random names, SSNs, etc., generated, replacing the ones in the database. No real data was ever allowed to be exported off the database server, period. Only an SA could steal it.

    That this wasn't done is just gross negligence on the part of the organization.

  • I Served - and the OP is wrong in one respect (Score:5, Insightful)

    by EQ (28372) on Wednesday June 07 2006, @10:14AM (#15487424) Homepage Journal
    "how could one have faith enough to serve an inept institution?"

    I didnt serve the Army - I served *IN* the Army.

    What I served was the American People, through their elected Commander in Chief, and the primary focus of the Oath I and others swear is:

    to Uphold and Defend the Constitution of the United States

    Second error bythe OP is the "institution" that lost the data was not the military per-se but the Veterans Administration, a cabinet level office that is seperate fromthe Army, Navy, Airforce, marines and Coast Guard,m etc.

    When will ./ editors have enough of the spin and editorializing - especially when its egregiously wrong as it is in this case. How about getting an editor with some military background instad of the usual suspects? A little bit if diversity might help ./ avoid posters like the originator who completely misses the point of the article and instead tries to spin it politically (point is veterans records were taken via a moron breaking security at the VA, not some anti-military screed that the OP tries to spin it into).

    There Plenty of libertarian geek veterns out there who post here regularly - Rob, grab one and add some diversity to the editorial clique.

  • Publish the SSNs ! (Score:3, Interesting)

    by GlobalEcho (26240) on Wednesday June 07 2006, @10:14AM (#15487428)
    I know that in this case more than social security numbers were taken. But this is a good spot to say that I would like the US government to publish, for free download, a list of all issued SSNs and their associated names. Then the banks, insurance companies, universities and so on will have to stop pretending the damn things are secret.

  • The news worse then the incident (Score:3, Interesting)

    by Momoru (837801) on Wednesday June 07 2006, @10:36AM (#15487649) Homepage Journal
    Someone stole a laptop. It would be wiped and sold on the street. 99% chance no one would be the wiser, the thief didn't know what he had. Now news comes out that there could be a laptop with tons of valuable info...thiefs all now look to see if they have the golden laptop! Another case where the news of the incident makes the problem worse. Lets make a big deal of this when someone actually knows they have this data and uses it for ill intent.
    • Improvised Explosive Device. DIY bomb, if you will. Nasty little fsckers.

    • Re:IED? (Score:3, Informative)

      by RingDev (879105)
      Improvised Explosive Devise.

      Basically a bunch of artillery shells wired to a trigger or remote. When a US convoy drives past the IED hiding spot, a watcher triggers the explosive and the huge crater is formed right where the convoy used to be.

      -Rick
    • Improvised Explosive Device - http://en.wikipedia.org/wiki/Ied [wikipedia.org]
    • Improvised Explosive Device

      Like a big 120mm shell converted into a roadside bomb.

      Or a stick of TNT dipped in superglue and then bb's

    • Re:IED? (Score:5, Funny)

      by Foofoobar (318279) on Wednesday June 07 2006, @09:15AM (#15486972)
      Its a device used to keep from getting pregnant. In the late 80's, there was an IED for OIL program that the UN started with limited success. Since then, the country has had a glut of birth control so much so that inventive terrorists have discovered a way to turn them into cheap and effective weaponry. This is why the military has upped its recruiting of pre-teen girls to combat this menace.
    • It's not a Dupe... this is a diffrent theft, the origonal data stolen was from the V.A. database.

      It just happened exactly the same way...

      I guess Slashdot can't help if the news is repetative.

      • Re:Not a dupe! (Score:4, Informative)

        by SomeoneGotMyNick (200685) on Wednesday June 07 2006, @09:28AM (#15487064) Homepage Journal
        Not quite....

        The Active Duty info is a subset [wgal.com] of the same data stolen weeks ago.

      • This was different data, on the same damn laptop. I think the guy was in on it. Nothing else was stolen, just his laptop, which, oopsie! had not one but two sets of valuable data which were not supposed to be on it. Here's what I think went down:

        Dude had some bad debts to some bad men. Said bad men approached him with a way he could pay them off. Just get data for ID theft on his laptop then leave it in his house and they would make it look like a burglary. Dude does so, and reports laptop stolen, but not t
    • I doubt "The Man" specifically engineered this failure. "...was allowed to walk out?" What kind of crap statement is that? He had a laptop and an external hard drive. I didn't see any mention of "His supervisor instructed him to copy sensitive data onto a personal computer..." Should everyone leave an hour early so the door guards can perform an extensive scan on their laptop? If they run across encrypted files, shoudl they require the keys, to ensure no secure data is being taken? If they have to check tho
        • Contractors without even crappy VA benefits and not subject to Geneva conventions. ;)

          Of course! Privatizing government functions lets the government get around that annoying thing called the "Constitution" (aka "just a goddamn piece of paper").

    • First, how would someone know that this computer contained all this information?

      If you're following the story, every indication is that it was a routine suburban residential burglary. I live in the same county as the home that was robbed, and this is exactly like every other B&E we always see: laptops, game consoles, digital cameras, jewelry, cash. Rinse, repeat.

      If you live in the DC area as an info-worker, the odds of you handling sensitive payroll or similar data, especially related to governmen

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.