VA Putting Veterans at Risk for ID Theft and Fraud – Violating Federal Regulations

by Jim Malmberg

computer w lock

March 12, 2013 – In May, 2006, the Department of Veterans Affairs (VA) had a computer stolen which contained the names, addresses, SSNs, birth dates and other highly sensitive data on 26.5 million people. The data included veterans, some of their dependents and some active duty military personnel. All of the data was unencrypted, and it was walked out of the VA on a laptop computer by a consultant who was subsequently robbed. The breach led to a variety of new regulations on the storage and transmission of this type of data. Regulations which – of all agencies – the VA has apparently decided to ignore.

report by the VA’s Inspector General (OIG) has determined that the agency has broken federal regulations on data encryption and transmission. The report determined that the agency has regularly been transmitting unencrypted highly sensitive, personally identifiable information belonging to veterans between certain facilities.

Perhaps even more disturbing is the fact that these transmissions were not a mistake. Upper management at the VA signed off on waivers which allowed these transmissions. Those waivers apparently violated federal law.

According to the VA, the data was not transmitted over the internet. Instead, it was transmitted across the VA’s network. But those network lines are not actually the property of the VA. The lines are supplied by various regional and national telecommunications providers outside of the VA’s control.  The report acknowledges this and states that this type of transmission can be compromised and could jeopardize the entire VA network. OIG investigators are concerned that hackers could learn enough about how the VA’s network functions that they could then steal more information and even take the entire network down.

This particular blunder took place in the Midwest and impacts veterans in Iowa, Minnesota, Nebraska, North Dakota, South Dakota and parts of Illinois, Kansas, Missouri, Wisconsin, and Wyoming. The overall size of the violation is unknown at this time. It was discovered during investigations of medical facilities in Nebraska and South Dakota, but investigators believe that it could be much larger.

It is very clear that the VA has not learned from its prior experiences. But what’s really frightening is that the government is now pushing insurance providers and doctors to move to electronic medical records for all of us. If this breach is any indication of what is to come, we are all in for a very rough time.

_________________

Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org

You may also enjoy reading

  • child handprints

    Identity Theft: Foster Children at Risk of ID Theft

    I've talked before about the horrible act of stealing the identity of children. Identity thieves and sometimes even parents steal a child's unused Social Security number because it provides them with a clean credit report; the number can be used with any name and date of birth because no credit history files exist that tie it to the child's identity. There's one group of children that's at an even higher risk than others, and unfortunately these are the children who need a safe and trustworthy environment more than anyone else. ... Continue Reading

  • Medical Identity Theft

    Medical Identity Theft – A Rising Fraud with Adverse Effects

    Medical identity theft is among the most devastating and dangerous of identity-related crimes perpetrated against consumers. It occurs when someone misrepresents who they are in order to obtain health-related services. When someone steals your medical identity your Personal Health Information (PHI) can become contaminated with the thief’s medical information. This can lead to misdiagnosis and potentially put your life at risk. ... Continue Reading

  • Medical Identity Theft

    Preventing Medical ID Theft: Are You At Risk of Becoming a Victim?

    Preventing medical ID theft has become a hot topic as Americans increasingly hear about the safety of their private medical records as more medical breeches continue to be discovered. Medical ID theft happens when a person uses someone’s identity to obtain medical services or steal money by falsifying claims for medical services. Identity thieves use a person’s Social Security number, insurance information, or other forms of identification to commit the medical ID theft. ... Continue Reading

  • usingCC online

    Data Breach: Should You Be Concerned If Only Your Email Address is Exposed?

    60 million email addresses from 19 organizations were exposed during the Epsilon breach. 114,000 email addresses of Apple iPad users were exposed during the AT&T network hack. 90,000 email addresses belonging to military personnel were exposed through criminal intrusion on Booz Allen Hamilton. Reports of hacking incidences have become commonplace. ... Continue Reading

  • DataTheft

    Data Theft Doesn’t Always Mean Being Hacked

    Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and burglarized. This is an unfortunate example of an employee taking home a laptop or storage device from the office resulting in a serious data breach. The thief may have no idea what he has in his hands, but the damage is done, the data is breached. ... Continue Reading