In the latest laptop data theft, the Veterans Administration says that 26.5 million veterans' personal information is at risk because of a burglary at an employee's home.
According to the VA, the employee, a data analyst residing in suburban Maryland, saved the information on disk "in violation of policy," and took the data home with him to use on his laptop. The employee's home was burglarized, and the laptop was stolen.
The unidentified analyst was placed on leave "pending review," according to Veterans' Affairs Secretary Jim Nicholson, who said the employee's home had been burglarized on previous occasions..
The VA has launched an investigation in conjunction with the FBI and local law enforcement agencies, Nicholson said.
According to the notice the VA prepared for those affected by the data breach, "no electronic medical records were compromised" in the theft. However, the data did include names, addresses, Social Security Numbers, and some information relating to individuals' disabilities.
The VA was notifying individual beneficiaries and Congressmen of the theft, according to the press statement, and was in the process of setting up a toll-free hotline and Web site to address questions about the theft.
Coincidence or Not?
It's worth noting that virtually all of the public cases of laptop theft seem to follow the same pattern -- an employee takes home unsecured data and ends up losing the laptop.
In the last seven months, there has been an explosion of reported cases of laptop thefts and losses, all of which contained valuable personal data that put millions of people at risk. Notable cases included Hewlett-Packard, the Ford Motor Company, Ameriprise, and Verizon.
In early May 2006, Wells Fargo joined the ranks of companies that had suffered a data breach due to a stolen laptop.
The increase in corporate and governmental laptop losses comes at a time when individual Americans are getting much smarter and more responsible about protecting their data from fraud or identity theft.
A recent poll conducted by Harris Interactive and the Wall Street Journal found that 7 out of 10 Americans are taking measures to protect themselves, including shredding credit card offers, limiting access to their Social Security numbers, and conducting fewer banking transactions online.
In every public case, company representatives insist the laptops are stolen simply for their resale value, as opposed to the data they contain.
The more skeptical might say that as consumers get smarter about not sharing their information on the Web, enterprising hackers and data thieves are taking advantage of other holes in the security fence -- namely slipshod government and business policies.
Whether it's a criminal conspiracy or good old-fashioned incompetence, public and private agencies are not adequately protecting the personal information that's entrusted to them and, in many cases, are less than forthcoming about the circumstances surrounding laptop losses.