By Department of Veterans AffairsFebruary 5, 2007
WASHINGTON (Army News Service, Feb. 5, 2007) - The Department of Veterans Affairs announced last week that an employee reported a government-owned, portable hard drive used by the employee at a department facility in Birmingham, Ala. - and potentially containing personal information about some veterans - is missing and may have been stolen.
"I am concerned about this report," said Jim Nicholson, Secretary of Veterans Affairs. "VA's Office of Inspector General and the FBI are conducting a thorough investigation into this incident. VA's Office of Information and Technology is conducting a separate review. We intend to get to the bottom of this, and we will take aggressive steps to protect and assist anyone whose information may have been involved."
The Birmingham VA Medical Center employee reported that an external hard drive was missing Jan. 22. The hard drive was used to back up information contained on the employee's office computer, and may have contained data from research projects the employee was involved in. The employee also indicated the hard drive may have contained personal identifying information on some veterans, but asserts that portions of the data were protected. Investigators are still working to determine the scope of the information potentially involved.
Upon notification that the hard drive was missing Jan. 23, the VA's OIG opened a criminal investigation, sent special agents to the medical center and notified the FBI. VA's Office of Information and Technology in Washington, D.C., also dispatched an incident-response team to investigate.
The OIG has seized the employee's work computer and is in the process of analyzing its contents. VA IT staff is providing technical support in this effort. Analyzing the work computer may help investigators determine the nature of the information the hard drive potentially contained.
Pending results of the investigation, VA is prepared to send individual notifications and provide one year of free credit monitoring to those whose information proves compromised.
In addition to the ongoing criminal investigation, the OIG has initiated an administrative investigation to determine how such an incident could occur. VA will provide further updates as the investigation produces additional information.
"VA is unwavering in our resolve to be the leader in protecting personal information, and training and educating our employees in best practices in cyber and information security," said Nicholson. "We have made considerable progress, but establishing a culture that always puts the safekeeping of veterans' personal information first is no easy task. I have committed VA to achieving such reform - and we will. This unfortunate incident will not deter our efforts, but it underscores the complexity of the task we have undertaken."