Reference no: EM133140262
On May 3, 2006, a data analyst at Veterans Affairs had his computer equipment stolen from his home in Montgomery County, Maryland. The analyst's hard drive contained unencrypted information on 26.5 million people. The unencrypted data included:
Names
Social Security numbers
Dates of birth
Disability ratings
The majority of data was tied to veterans and their spouses. The analyst reported the crime to the Maryland police and his supervisors at Veterans Affairs. The supervisors did not report the theft to the Veterans Affairs' Secretary until May 16. On May 17, 2006, the FBI was informed of the breach and began working with local police to investigate the crime.
Police eventually recovered the stolen laptop and hard drive. The FBI performed a forensic examination on the computer equipment and reported that no data had been compromised.
Case Questions
What are the federal requirements today to protect personal information and respond to data breaches?
What were some of the information security and privacy issues making VA and its assets more susceptible to attacks?
What progress has VA made in implementing improved security and privacy controls since 2006?
What role could leadership have played to minimize organizational risk and impact?