Beginning in 2003, the Veterans Affairs (VA) employee hauled out data on CDs, DVDs, floppy disks and flash drive, apparently without permission, then copied it to his own external hard drive at home, without passwords or encryption.
Most recently, he had added 26.5 million records from the Beneficiary Identification and Records Locator Subsystem database (BIRL), which includes social security numbers, full names, birth dates, service numbers, and combined degree of disability.
Nobody knew or cared… till the burglary, 3 May 2006.
The Employee immediately notified several VA bosses, who shuffled papers and played CYA, till the VA Office of Inspector General (OIG) got involved. Not until 15 May then did anyone ask how many records the guy lost, or what they contained.
- 3 May
Kevin Doyle, Security and Law Enforcement Police Operations Team Leader;
Michael McLendon, Deputy Assistant Secretary for Policy;
Dat Tran, Acting Director of the Data Management and Analysis Service. - 4 May
John Baffa, Deputy Assistant Secretary for Security and Law Enforcement;
Information Security Officer (ISO). - 5 May
District Information Security Officer (District ISO);
Johnny Davis, Acting Associate Deputy Assistant Secretary for Cyber Security Operations;
Security Operations Center of the Office of Information and Technology (SOC);
Dennis Duffy, Acting Assistant Secretary for Policy, Planning, and Preparedness. - 10 May
Thomas Bowman, VA Chief of Staff;
Jack Thompson, Deputy General Counsel;
Gordon Mansfield, Deputy Secretary.
Twelve up-stream bureaucrats behaved as if this disastrous threat to the financial security of millions of fellow Americans either wasn’t that important, or wasn’t their job.
The errant Employee wasn’t even sure who he worked for. Employee told OIG that Tran was his boss, but he wasn’t. Apparently, after an intense disagreement between McLendon and his boss, Duffy, Employee had been handed over to one Michael Moore, who apparently didn’t know anything about any of this. Boy, did he luck out.
On 4 May, Tran advised McLendon and the ISO that a copy of a BIRLS extract was probably on the external hard drive that was stolen. McLendon didn’t inform Duffy. The ISO told him, the District ISO and SOC the next day.
And so it went.
The OIG says McLendon misrepresented the purloined data’s security. Then, the SOC sat on the mess for twelve long days before passing it back to the ISO with the excuse that it was out of SOC’s jurisdiction. This didn’t matter that much to Duffy, as he told the OIG that “he did not even know that there was a SOC before the burglary.”
It seems everyone thought the data theft was the G-13 ISO’s job… Everybody but the ISO. The OIG wrote:
Ironically, when questioned about his role as an ISO for the SOC, the ISO said, “Im not an investigator. Im a computer tech guy that has a job.”
The OIG concluded that they’re all idiots… or at least, that’s the way I read it.
McLendon has resigned, Duffy retired and the now ex-employee is said to be appealing.
Let’s see… that leaves ten.
So many lives at the mercy of so many incompetents.
Email Battles Backgrounder:
- VA report on stolen laptop: They’re all idiots and/or liars; NewsByte; Email Battles; 12 July 2006.
- Black Market Returns Prodigal VA Laptop While FBI Dissembles; Email Battles; 05 July 2006.
- More Private Data Is Burgled From Government Than Hacked; Email Battles; 20 June 2006.
- News (yawn) flash: VA analyst’s lost laptop was no aberration. Duh.; NewsByte; Email Battles; 15 June 2006.
- VA top dog to Congress: Stop us before we do it again.; NewsByte; Email Battles; 09 June 2006.
- Five vets groups go to war against VA seeking control of records; NewsByte; Email Battles; 07 June 2006.
- Boss of Slippery-Fingered VA Analyst Gets The Boot While Keystone Kops Give Chase; Email Battles; 31 May 2006.
- Why Steal Social Security Numbers, When You Can Get Them For Free?; Email Battles; 25 May 2006.
- VA: The perps can’t possibly know that they have 26.5 million Social Security Numbers!; Email Battles; 23 May 2006.
No comments
Comments feed for this article