To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39165654,00.htm

Hard drive goes awol with US vets' data
Missing in action...

By Anne Broache

Published: Tuesday 06 February 2007

The US Department of Veterans Affairs (VA) has launched an investigation into a portable hard drive that went missing late last month from an Alabama medical facility and may contain personal data on as many as 48,000 veterans.

The department said the external drive, which was used to back up an employee's computer at the Birmingham VA Medical Center, was reported missing on 22 January and may have been stolen. The VA's Office of Inspector General opened an investigation one day after hearing of the breach and notified the FBI.

VA secretary R James Nicholson said in a press release: "We intend to get to the bottom of this, and we will take aggressive steps to protect and assist anyone whose information may have been involved."

The VA's Office of Information and Technology is doing its own review, and the employee computer for which the back-up drive was typically used is undergoing analysis for clues about what the hard drive may have contained.

Representative Spencer Bachus, whose district includes Birmingham, said his office's initial indication was that as many as 48,000 records may have been compromised, with as many as 20,000 not encrypted. A VA spokesman said he could not confirm that number because the investigation was still in process. He said the department currently has no indication that any personal information was used improperly but is prepared to offer assistance to anyone found to have been affected by the breach.

The episode follows the high-profile theft last May of a laptop and an external hard drive that housed sensitive information about more than 26 million veterans and active military personnel. The equipment, pilfered from the Maryland home of a VA employee, was ultimately recovered and two teens were arrested in connection with the incident in August.

The VA also investigated reports last August of a theft of a desktop machine from the offices of Unisys, a subcontractor hired to assist with insurance collections for VA medical centres in Pennsylvania. The agency estimated that the computer contained information on about 38,000 veterans, including 2,000 who were deceased.

Incidents at the VA and other US federal agencies have prompted calls for better data security practices from Congress. After the first theft, the VA announced a multi-step plan, including installing encryption software on all of its laptop and desktop machines.

Anne Broache writes for CNET News.com