To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39161347,00.htm

Veterans get free ID monitoring in wake of breach
Mind your data...

By Candace Lombardi

Published: Friday 11 August 2006

The US Department of Veteran Affairs announced on Wednesday it has accepted an offer from an analytics company to monitor veterans' personal data for free, following the theft of a device containing personal information on about 26.5 million veterans.

Until a routine security audit is approved, the agency will hand over the data, which was breached as a result of a laptop theft, to ID Analytics. The California-based company, which specialises in identity risk management, will look for patterns of misuse.

ID Analytics said it is offering its service to veterans for free in an effort to get out the word on its new technology.

Using its own Graph Theoretic Anomaly Detection technology, ID Analytics promises to trace and map the life of any identity it is given, as well as of identities or institutions associated with that individual. It then analyses the map for anomalous activity in behaviour patterns.

Mike Cook, a vice president at ID Analytics, said: "You can't detect fraud by looking at one person. You look at the person and their relationships, and how those have moved across the time, and what kind of pattern that might create."

The company does this by analysing the data inside something it calls the 'ID Network'. This is a gigantic database that contains information from participating credit card companies, financial institutions, telecom companies, retail lenders, government agencies and, soon, healthcare agencies. ID Analytics started the ID Network about four years ago. It now contains more than three billion "identity elements" that cover where and how personal details have been used over time, Cook said.

The company has strict policies on security and secrecy. Unlike many credit monitoring and reporting agencies, it does not sell or share any of the personal information it collects. It also keeps all of its data encrypted, Cook said.

Jay Foley, executive director of the Identity Theft Resource Center, said: "What impresses us most about them is that data goes in and data does not come back out."

The VA laptop at the centre of the controversy was stolen in May and recovered in June. Its suspected thieves were arrested on Saturday. The suspects claimed ignorance of the stolen laptop's sensitive contents.

Earlier this week, in related news, the VA reported a desktop PC containing personal data on as many as 38,000 US military veterans had disappeared from subcontractor Unisys.

Candace Lombardi writes for CNET News.com