BreachExchange mailing list archives
follow-up: Employee tried to mask extent of latest VA data breach
From: security curmudgeon <jericho () attrition org>
Date: Tue, 10 Jul 2007 06:38:43 +0000 (UTC)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.govexec.com/story_page.cfm?articleid=37403

By Daniel Pulliam
GovExec.com
July 9, 2007

An information technology specialist at the Veterans Affairs Department misled investigators in an attempt to cover up the extent of a data breach early this year that jeopardized personal information on more than a million people, according to a recent audit report.

In an interview with auditors, the specialist gave inaccurate information about the Jan. 22 loss of an external computer hard drive from VA's Birmingham, Ala., research facility, the report from the department's inspector general stated. The information ended up in a press release about the incident, the investigators found.

The specialist also encrypted and deleted multiple files from his computer shortly after he reported the data missing, making it more difficult to determine what was stored on his desktop, the IG said. He initially denied this when confronted by investigators, the report said. But an IG computer forensic analysis prompted him to admit to taking actions to hide the extent of the missing data.

As of February, the IT specialist, who was not named in the report, had been placed on administrative leave pending the outcome of the investigation. The VA did not respond to requests for an update Monday on the specialist's employment status.

Michael Kussman, VA's undersecretary for health, concurred with the IG's recommendation that "appropriate administrative action [be] taken against the IT specialist for his inappropriate actions during the course of the investigation and for failing to properly safeguard personally identifiable information on his missing external hard drive." Kussman said the "target completion" date for this was Oct. 1, following a review of the evidence.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 211 million compromised records in 717 incidents over 7 years.