Kaymara
06-30-2006, 09:23 AM
FBI: Initial tests show veterans' information not accessed
Friday, June 30, 2006; Posted: 4:12 a.m. EDT (08:12 GMT)
WASHINGTON (CNN) -- A laptop computer and external drive containing personal data on more than 26 million veterans and active duty military personnel have been recovered, officials said Thursday.
The items were stolen last month from the home of a Veterans Affairs Department analyst.
FBI forensic experts conducted initial tests on the computer and external drive that showed nothing had been accessed, but forensic examinations are still under way to ensure the integrity of the data.
"Everything was there. ... There is reason to be optimistic," FBI spokeswoman Michelle Crnkovich said.
Rep. Steve Buyer, chairman of the House Veterans Affairs Committee, said the discovery "provides reason to be optimistic.
"However, the basic deficiencies leading to this data loss must be corrected," the Indiana Republican said in a statement.
Veterans Affairs Secretary Jim Nicholson announced the recovery of the items during testimony Thursday at a committee hearing examining the incident.
"If there's a redeeming part of this, I think we can turn this around," Nicholson said, according to The Associated Press.
Buyer said panel members were focusing on "oversight of information mismanagement within the Department of Veterans Affairs."
He said the panel sought to "make certain changes are made that will ensure this does not occur again."
The equipment was taken May 3 from the house of the employee, who the agency said had no clearance to take it home.
It was returned Wednesday to the FBI's field office in Baltimore, Maryland, after someone tipped off the U.S. Park Police, said FBI spokesman Bill Chase at a briefing in Calverton, Maryland.
Chase said the investigation was still under way and would not name the person who provided the tip.
The VA offered a $50,000 reward for the equipment's recovery, but it was unknown whether the tipster qualified.
No arrests have been made.
The laptop contained information on 1.1 million active service members, 430,000 National Guardsmen, 645,000 Reserve members and the names, birth dates and Social Security numbers of about 26 million people, most of them veterans.
The VA said May 30 the analyst who took the laptop home would be dismissed due to a lack of proper clearance.
Permission or not?
Documents released Thursday by Democratic committee staffers show the analyst -- lead programmer within the Policy Analysis Service -- was permitted to take the laptop home for "work-related projects."
The documents, which edited out the analyst's name, were dated September 5, 2002. They included a property pass allowing the laptop and accessories to be removed from the building and a second document permitting the analyst to access Social Security numbers.
Under questioning by Rep. Bob Filner, a California Democrat, Nicholson said he had not previously seen the documents and requested to not comment further on the analyst.
Filner told Nicholson the incident was the "biggest data loss in federal history" and represented "gross negligence."
Filner criticized the amount of time that passed between the theft and when the secretary was informed.
"[The analyst] notified the police 52 minutes after the theft occurred, and your guys didn't notify you until 13 days afterwards -- I don't know what's more gross. I think there's more gross negligence from the uppers than from the bottom," Filner said at the hearing.
Nicholson announced the theft to the public May 22.
Other breaches revealed
Information about two other VA security breaches surfaced at Thursday's hearing.
In 2005, a VA worker in Minneapolis, Minnesota, placed medical documents from 66 patients in the trunk of a car, which was later stolen.
The sensitive medical information in the car included Social Security numbers, dates of birth and addresses. The 66 patients are being offered credit monitoring.
Another incident involved a backup tape with two weeks' worth of data that went missing May 5 in Indianapolis, Indiana, said Tim McClain, the department's general counsel.
He said the tape included information for an entire region, including states Ohio, Michigan, Kentucky and Indianapolis.
The department has listed the tapes as "missing," not "stolen," and an investigation is under way to locate them, McClain said.
It was also revealed at the hearing that Pedeo Cadenas, the VA's chief information security officer, resigned via e-mail 30 minutes before the proceeding began. Nicholson told the committee he was unaware of that.
Cadenas was in charge of electronic information security and conducted forensic testing, an integral component in the stolen laptop investigation, said Bob Howard, senior adviser to the VA's deputy secretary.
Before Cadenas resigned, Howard said Cadenas sent him two letters explaining that his intense work schedule -- sometimes seven days a week -- had put extra pressure on him and was affecting his family life.
Friday, June 30, 2006; Posted: 4:12 a.m. EDT (08:12 GMT)
WASHINGTON (CNN) -- A laptop computer and external drive containing personal data on more than 26 million veterans and active duty military personnel have been recovered, officials said Thursday.
The items were stolen last month from the home of a Veterans Affairs Department analyst.
FBI forensic experts conducted initial tests on the computer and external drive that showed nothing had been accessed, but forensic examinations are still under way to ensure the integrity of the data.
"Everything was there. ... There is reason to be optimistic," FBI spokeswoman Michelle Crnkovich said.
Rep. Steve Buyer, chairman of the House Veterans Affairs Committee, said the discovery "provides reason to be optimistic.
"However, the basic deficiencies leading to this data loss must be corrected," the Indiana Republican said in a statement.
Veterans Affairs Secretary Jim Nicholson announced the recovery of the items during testimony Thursday at a committee hearing examining the incident.
"If there's a redeeming part of this, I think we can turn this around," Nicholson said, according to The Associated Press.
Buyer said panel members were focusing on "oversight of information mismanagement within the Department of Veterans Affairs."
He said the panel sought to "make certain changes are made that will ensure this does not occur again."
The equipment was taken May 3 from the house of the employee, who the agency said had no clearance to take it home.
It was returned Wednesday to the FBI's field office in Baltimore, Maryland, after someone tipped off the U.S. Park Police, said FBI spokesman Bill Chase at a briefing in Calverton, Maryland.
Chase said the investigation was still under way and would not name the person who provided the tip.
The VA offered a $50,000 reward for the equipment's recovery, but it was unknown whether the tipster qualified.
No arrests have been made.
The laptop contained information on 1.1 million active service members, 430,000 National Guardsmen, 645,000 Reserve members and the names, birth dates and Social Security numbers of about 26 million people, most of them veterans.
The VA said May 30 the analyst who took the laptop home would be dismissed due to a lack of proper clearance.
Permission or not?
Documents released Thursday by Democratic committee staffers show the analyst -- lead programmer within the Policy Analysis Service -- was permitted to take the laptop home for "work-related projects."
The documents, which edited out the analyst's name, were dated September 5, 2002. They included a property pass allowing the laptop and accessories to be removed from the building and a second document permitting the analyst to access Social Security numbers.
Under questioning by Rep. Bob Filner, a California Democrat, Nicholson said he had not previously seen the documents and requested to not comment further on the analyst.
Filner told Nicholson the incident was the "biggest data loss in federal history" and represented "gross negligence."
Filner criticized the amount of time that passed between the theft and when the secretary was informed.
"[The analyst] notified the police 52 minutes after the theft occurred, and your guys didn't notify you until 13 days afterwards -- I don't know what's more gross. I think there's more gross negligence from the uppers than from the bottom," Filner said at the hearing.
Nicholson announced the theft to the public May 22.
Other breaches revealed
Information about two other VA security breaches surfaced at Thursday's hearing.
In 2005, a VA worker in Minneapolis, Minnesota, placed medical documents from 66 patients in the trunk of a car, which was later stolen.
The sensitive medical information in the car included Social Security numbers, dates of birth and addresses. The 66 patients are being offered credit monitoring.
Another incident involved a backup tape with two weeks' worth of data that went missing May 5 in Indianapolis, Indiana, said Tim McClain, the department's general counsel.
He said the tape included information for an entire region, including states Ohio, Michigan, Kentucky and Indianapolis.
The department has listed the tapes as "missing," not "stolen," and an investigation is under way to locate them, McClain said.
It was also revealed at the hearing that Pedeo Cadenas, the VA's chief information security officer, resigned via e-mail 30 minutes before the proceeding began. Nicholson told the committee he was unaware of that.
Cadenas was in charge of electronic information security and conducted forensic testing, an integral component in the stolen laptop investigation, said Bob Howard, senior adviser to the VA's deputy secretary.
Before Cadenas resigned, Howard said Cadenas sent him two letters explaining that his intense work schedule -- sometimes seven days a week -- had put extra pressure on him and was affecting his family life.