BreachExchange mailing list archives

How the VA deals with data breaches


From: security curmudgeon <jericho () attrition org>
Date: Thu, 22 Aug 2013 11:02:19 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://fcw.com/articles/2013/08/21/veterans-affairs-data-breaches.aspx

By Frank Konkel
FCW.com
Aug 21, 2013

Privacy is paramount in the Department of Veterans Affairs, and a small 
interagency team plays a large role in how the federal government responds to 
potential breaches in the privacy of its veterans.

Each week, at least some of the Data Breach Core Team's 30 members gather to 
pore over suspected data breaches reported through the agency's Privacy 
Security Event Tracking System, determining whether an incident is an actual 
breach. The DBCT assigns a risk categorization -- low, medium or high -- to each 
potential breach and determines whether VA should offer credit monitoring to 
veterans in each case.

The weekly sessions highlight a transformation the agency went through 
following the disastrous data breach in 2006 that might have exposed the 
personal data of 26 million veterans, according to John Oswalt, VA's associate 
deputy assistant secretary for privacy, policy and incident response.

The 2006 breach -- the result of the theft of a VA analyst's laptop and external 
drive, which were eventually recovered intact -- cost taxpayers millions of 
dollars and damaged VA's public reputation and its trust with the veterans it 
was charged to protect. It also highlighted internal inadequacies in how VA 
reported and responded to potential breaches -- then-VA Secretary James 
Nicholson was not notified about the incident until three weeks after it took 
place.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
