Many privacy advocates dubbed 2005, “The Year of Data Breach.” Perhaps the term should be amended to “the years” or even “decade” with yet another announcement of a massive loss of data. This time a Department of Veterans Affairs (VA) employee took a laptop home, which was then stolen, that had personal information (including social security numbers) on 26.5 million veterans. It doesn’t look like the data was encrypted.
From the VA website:
The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA’s electronic health records nor any financial information. The employee’s home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.
I’m not sure why the Department takes comfort in noting that the data didn’t include any financial information or health records, considering it appears that the thieves have all the information they need to steal someone’s identity and wreak havoc with his or her finances.