VA still lags on encryption

By Taylor Armerding CSO November 30, 2012

More than six years after the Veterans Administration (VA) suffered one of the worst data breaches in history, it is still a long way from closing off the vulnerability that made the breach possible: lack of encryption.

It was on May 3, 2006, that a laptop and external hard drive containing an unencrypted national database with names, Social Security numbers, dates of births, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen from a VA analyst’s Maryland home

The laptop was returned almost two months later by an unknown person, but the VA still spent about $20 million to notify those whose information had been compromised and for credit monitoring.

Three months later, in August, the VA secretary ordered the agency’s Office of Information Technology (OIT) to upgrade all VA lap and desktop computers with enhanced data security encryption software.


______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More!