Update!.....va Data Theft News

[Gimpy]

UPDATE: VA ANNOUNCES FREE CREDIT MONITORING PROGRAM FOR VETS IS IN THE WORKS -- VA will begin accepting bids for services -- Program should be in effect by mid-August.


Secretary Nicholson Announces VA to Provide Free Credit Monitoring


June 21, 2006

WASHINGTON ? As part of the continuing efforts by the Department of Veterans Affairs (VA) to protect and assist those potentially affected by the recent data theft that occurred at an employee?s Maryland home, Secretary of Veterans Affairs R. James Nicholson today announced that VA will provide one year of free credit monitoring to people whose sensitive personal information may have been stolen in the incident.


?VA continues to take aggressive steps to protect and assist people who may be potentially affected by this data theft,? said Nicholson. ?VA has conducted extensive market research on available credit monitoring solutions, and has been working diligently to determine how VA can best serve those whose information was stolen.


?Free credit monitoring will help safeguard those who may be affected, and will provide them with the peace of mind they deserve,? he added.


The Secretary said VA has no reason to believe the perpetrators who committed this burglary were targeting the data, and Federal investigators believe that it is unlikely that identity theft has resulted from the data theft.


This week, VA will solicit bids from qualified companies to provide a comprehensive credit monitoring solution. VA will ask these companies to provide expedited proposals and to be prepared to implement them rapidly once they are under contract.


After VA hires a credit monitoring company, the Department will send a detailed letter to people whose sensitive personal information may have been included in the stolen data. This letter will explain credit monitoring and how eligible people can enroll or ?opt-in? for the services. The Department expects to have the services in place and the letters mailed by mid-August.


Secretary Nicholson also announced VA is soliciting bids to hire a company that provides data-breach analysis, which will look for possible misuse of the stolen VA data. The analysis would help measure the risk of the data loss, identify suspicious misuse of identity information and expedite full assistance to affected people.


As part of VA?s efforts to prevent such an incident from happening again, Secretary Nicholson previously announced a series of personnel changes in the Office of Policy and Planning, where the breach occurred; the hiring of former Maricopa County (Ariz.) prosecutor Richard Romley as a Special Advisor for Information Security; the expedited completion of Cyber Security Awareness Training and Privacy Awareness Training for all VA employees; that an inventory be taken of all positions requiring access to sensitive VA data by June 30, 2006, to ensure that only those employees who need such access to do their jobs have it; that every laptop in VA undergo a security review to ensure that all security and virus software is current, including the immediate removal of any unauthorized information or software; and that VA facilities across the country ? every hospital, Community-Based Outpatient Clinic (CBOC), regional office, national cemetery, field office and VA?s Central Office ? observe Security Awareness Week beginning June 26.


People who believe they may be affected by the data theft can go to www.firstgov.gov for more information. VA also continues to operate a call center that people can contact to get information about this incident and learn more about consumer-identity protections. That toll free number is 1-800-FED INFO (1-800-333-4636). The call center is operating from 8:00 am to 9:00 pm (EDT), Monday-Saturday as long as it is needed.

-------END--------

[MORTARDUDE]

Good deal !!! Thanks for posting.

Larry

[Robert Ryan]

Thanks for the info Gimpy.

[Gimpy]

SENATE COMMITTEE OKs $160 MILLION FOR VETERANS' ID THEFT -- Money will not come out of VA budget if full Senate approves.

Want to know who supports vets?

Watch for the vote on this bill.

This appropriation would guarantee that no VA funds are used to pay for the data heist mess.

There are two articles below.

First is a Senator Patty Murray press release. She was Co-sponser of the bill that authorizes additional funds to pay for this new project.

###START###

Don't Raid Veterans Healthcare to Fund the VA's ID Theft Response: Murray/Byrd Pass Emergency Funding to Protect Veterans

$160 million in emergency funding will allow the VA to provide free credit monitoring services for affected veterans and military personnel

(WASHINGTON, D.C.) ? U.S. Senator Patty Murray (D-Wash.) and Senator Robert Byrd (D-WV) today succeeded in passing emergency funding through the Senate Appropriations Committee to ensure that veterans healthcare and benefits are not raided as the Department of Veterans Affairs (VA) responds to last month's data security breach. The amendment passed 15-13 and garnered the support of two Republican members of the Committee.

"The VA's announcement that they will provide free credit monitoring for those whose personal information was put in jeopardy is a first step in taking responsibility for this breach," Murray said. "Now, we need to ensure that veterans and military personnel don't pay twice for the VA's mistakes. By passing this emergency amendment, we sent a clear message to the VA that they need to pay for their breach responsibly."

"The United States has an obligation to protect the private information of our veterans and our military men and women. But when it came to meeting that obligation, the VA failed. This amendment is an effort to clean up the VA's mess," Senator Byrd said. "If this personal information finds its way into the wrong hands, criminals could use it to fraudulently apply for credit cards, cell phones, or other consumer purchases, leaving the charges to be paid by an unsuspecting veteran."

Yesterday, the VA announced it would provide one year of free credit monitoring for millions of veterans and service members whose credit and personal information may have been compromised by the VA. The VA estimates that service will cost $160 million, and the agency is in discussions with Congress about where to find the money to pay for it.

Murray, a senior member of the Senate Veterans' Affairs Committee and Byrd, the ranking Democrat on the Senate Appropriations Committee, are concerned that the VA will fund that program by cutting money from the VA's healthcare, benefits or information technology accounts.

"This is a disaster that will cost hundreds of millions of dollars to fix. If we don?t provide emergency funding, the VA will take that money out of the services and benefits our veterans rely on," Murray said. "Veterans and members of our active duty military have been hurt once by the VA. We need to provide the funding to make sure they are not hurt again."

The Murray/Byrd amendment to the Senate Agriculture Appropriations Act of 2007 provides $160 million in emergency funding to the VA for the agency's recently announced credit monitoring services.

"It's not acceptable to tell veterans ? 'We lost your personal information and by the way, we're going to cut your healthcare and benefits to pay for this mess that we created,' " Murray said.

Next, the full Senate must pass the Agriculture Appropriations Act. A date for that has not been scheduled.

-------END--------

The second article is next.

###START###

Senate OKs $160M for Veterans' ID Theft

June 22, 2006 -----Noting "it's not going to be cheap," VA Secretary Jim Nicholson pledged not to take the money from current VA programs. So far, the department has already spent $14 million to set up a call center and notify veterans by letter, and it's spending an additional $200,000 a day to maintain the call center.

A Senate panel on Thursday approved $160 million to pay for credit monitoring for veterans, one of many expected payments as the government struggles with fallout from data breaches crossing several agencies.


Meanwhile, a House panel was cautioned that credit monitoring alone may not be enough to protect millions of veterans and nearly all active-duty military, Guard and Reserve members whose names, birth dates and Social Security numbers were taken May 3 from a Veterans Affairs employee's home.


"The worst-case scenario is that the veteran's file finds its way to a public distribution source, such as the Internet," Mike Cook, a co-founder of a company specializing in data breaches, told the House Veterans Affairs Committee.


"If this happens, the stolen identities will lose their connection to the VA data breach and groups of fraudsters might actively trade that data among the fraud community," Cook said. "More people might have access and could misuse those identities on a grander scale."


The Senate Appropriations Committee approved the $160 million in emergency funds on a 15-13 vote; some Republicans objected because the VA has said it can use existing funds to pay for credit checks.


"I don't think it's acceptable to tell our veterans we lost your personal information, and by the way, we're going to cut your health care to pay for it," said Sen. Patty Murray, D-Wash., who sponsored the amendment to an agriculture spending bill.


On Wednesday, the VA announced it would provide free monitoring for a year, taking responsibility after the data was stolen in suburban Maryland. The VA said it would also hire a contractor to do data analysis to help pinpoint identity theft; the agency, however, did not offer specifics, saying it wanted to see what bids they receive.


Noting "it's not going to be cheap," VA Secretary Jim Nicholson pledged not to take the money from current VA programs. So far, the department has already spent $14 million to set up a call center and notify veterans by letter, and it's spending an additional $200,000 a day to maintain the call center.


The government moves come as several agencies in recent weeks have acknowledged similar data breaches. Late Wednesday, the Agriculture Department said a hacker broke into its computer system and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.


Like the VA, the Agriculture Department said it would offer free credit monitoring for a year to anyone who might have been affected.

During the House hearing Thursday, Cook said identity theft victims typically don't become aware they've been hurt until six months after their data was stolen, when creditors come calling for money owed. At that point, it's likely the thieves will have moved on -- having made just a few purchases so they don't attract notice -- and started using another victim's information.


As a result, a credit monitoring service would raise a red flag after it was too late, Cook said. He said data analysis technology was available to help identity theft as it occurs, particularly in the typical cases in which thieves use stolen identities to fraudulently obtain credit cards and then make purchases.


Rep. Steve Buyer, chairman of the House panel, said he believed the VA and Congress should consider additional safeguard measures -- even if it means costing taxpayers more.


"The concern is, are we creating a false expectancy -- that if the VA does credit monitoring, I am safe?" said Buyer, R-Ind. "I still have great fears."


There have been no reports of identity theft so far from the VA data breach, one of the nation's largest. But Nicholson acknowledged this week that authorities -- who believe the burglars were not specifically targeting the sensitive data- are nowhere close to apprehending those responsible. The FBI also has noted that "unless the equipment is recovered, veterans will never be certain their personal information is safe."


Earlier this month, the Health and Human Services Department discovered that personal information for nearly 17,000 Medicare beneficiaries may have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.


And the Energy Department also reported that social Security numbers and other information for nearly 1,500 people working for the National Nuclear Security Administration may have been compromised when a hacker gained entry to the department's computer system last fall. Officials said June 12 they had learned only recently of the breach.

-------END--------

[Gimpy]

Folks need to see this..........................

[Gimpy]

Seems all the propaganda coming from the piss poor management at the VA about the 'employee' not being 'authorized' to remove the data from VA headquarters is just so much bull$hit.

Heads ought to roll straight at the TOP of the VA since this 'new' information has become public knowledge.

###START###

VA worker had OK for data later stolen
By HOPE YEN, Associated Press Writer Thu Jun 29, 4:15 AM ET

WASHINGTON - Lawmakers say they want to know whether a Veterans Affairs employee was being unfairly blamed for losing veterans' personal information, citing newly disclosed documents showing he had received permission to work on the data from home.

"From the start, the VA has acted as if the theft was a PR problem that had to be managed, not fully confronted," said Rep. Bob Filner (news, bio, voting record), D-Calif. "They're trying to pin it on this one guy, but I think it's other people we need to be looking at."

VA Secretary Jim Nicholson and other top department officials were to testify Thursday before a House committee investigating the government's largest computer security breach.

According to internal documents obtained by The Associated Press, the VA data analyst faulted for losing personal data for up to 26.5 million veterans had the department's approval to access millions of Social Security numbers on a laptop from home.

The documents show that the data analyst, whose name was being withheld, had approval as early as Sept. 5, 2002 , to use special software at home that was designed to manipulate large amounts of data.

A separate agreement, dated Feb. 5, 2002, from the office of the assistant secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.

A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.

"These data are protected under the Privacy Act," one document states. The analyst is the "lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers."

The department said last month it was in the process of firing the data analyst, who is now challenging the dismissal.

VA officials have said the firing was justified because the analyst violated department procedure by taking the data home. They also said he was "grossly negligent" in handling sensitive information.

However, Filner noted that the employee had informed supervisors of the theft immediately after the crime, while supervisors waited nearly three weeks to inform the public on May 22. Nicholson himself was informed on May 16.
"The gross negligence in this case are the people above him," said Filner, the acting top Democrat on the House Veterans' Affairs Committee.

A spokesman for the VA did not have immediate comment Wednesday. (Of course not, these assholes are going to try and cover this crap up with more crap------typical-----Gimp)

Veterans groups and lawmakers from both parties have criticized the VA for the theft and noted years of warnings by auditors that information security was lax. Some veterans also have filed suit in federal court, seeking $1,000 in damages ? or up to $26.5 billion total ? for privacy violations.

Separately, President Bush on Wednesday asked in a letter to House Speaker Dennis Hastert, R-Ill., for $160.5 million to help the VA cover the costs of credit monitoring and fraud watch services.

The money would be taken from programs in the departments of Agriculture, Health and Human Services, Labor, Transportation, Treasury and Veterans Affairs whose money would otherwise go unused or from programs previously set for elimination, according to Scott Milburn, spokesman for the Office of Management and Budget.

The programs included those for food stamp employment and training, trade adjustment assistance for farmers, and health professions student loans.

The VA has spent more than $16 million to set up a call center and to notify veterans by letter. It is spending an additional $200,000 a day to maintain the center.

___