More on VA Data Theft

27B Stroke 6 has some more on the VA data theft, which involved an immense amount of information on US veterans and active duty military. This whole story is turning into something very interesting: more specifically, a test case in how not to handle stolen sensitive material.

The FBI has done some forensic work on the laptop and says it can’t find any evidence that the data was accessed. InfoWorld’s Robert Grimes chimes in to say, Rumsfeld style, that the absence of evidence is not the evidence of absence, since any fool could have simply cloned the disk and then accessed the database on the cloned disk.

Now, there’s also some back and forth in the VA about whether the data analyst was authorized to take the data home. The analyst, who has been fired, says he has a letter authorizing him to take the data home, while the VA says the letter is for a different computer.

What really concerns me is this: why was this analyst working with social security numbers on a laptop, rather than in the office while connected to the network? I cannot, for the life of me, come up with a good reason why this analyst was doing what he was doing with the data that ultimately ended up stolen.