Unencrypted thumb drive causes breach at VA

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://fcw.com/articles/2010/11/18/data-breach-va-veterans.aspx

By Alice Lipowicz
FCW.com
Nov 18, 2010

Two recent privacy breaches at the Veterans Affairs Department involved 
employees who disregarded information security protocols they were trained 
to follow, said Roger Baker, assistant secretary for information and 
technology at VA.

One incident involved an employee who plugged a personal unencrypted thumb 
drive into his computer at work and used it to inappropriately store 
Social Security numbers and other personal data for 240 veterans. The 
thumb drive was then lost inside a VA facility, found by a VA security 
guard, taken home by the guard and finally returned to VA officials, who 
declared the events a security breach.

In the other incident, a VA employee printed out Social Security numbers 
and other personal information on 180 veterans and took the papers home, 
where he typed the information into a Microsoft Word file on his home 
computer. When he tried to send the file to his work account via e-mail, 
VA's system flagged the message, resulting in discovery of the breach.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/