In Brief
Afterthought Security
What happens when a data breach affects 26 million veterans? Plenty.
By Michael Goldberg
August 01, 2006 — CSO —
In one sense, the case of the Department of Veterans Affairs laptop, stolen from an employee's home and later found, was just one more entry in a list of 224 data breaches since February 2005, according to Privacy Rights Clearinghouse. One could even say the VA joins an eminent list of entities—banks, brokerages, retailers, manufacturers, universities, butchers, bakers and candlestick makers—who have made the Clearinghouse's list (at www.privacyrights.org) since data aggregator ChoicePoint disclosed fraudsters had compromised 145,000 customers' private data.
The VA case had a bigger number—26.5 million veterans, including some active-duty soldiers—and so it sang out for special scrutiny. And so heads rolled. Congress held hearings (at which two smaller VA breaches came to light). Potential victims filed lawsuits.
And, five weeks after the VA warned veterans to watch out for credit card fraud, the Office of Management and Budget ordered all federal agencies to adopt stricter security rules for mobile data, such as encrypting data on mobile computers and mandating two-factor authentication for remote access devices.
Amid the indignation and concerted action, there was a sympathetic sadness to some reports of the VA incident. After all, the employee who brought his laptop home was trying to be productive. And he had permission to work with data from home, The Associated Press reported. He just didn't appear to have security measures in place.
"Isn't that sad," says George Skaff, marketing VP at Digital Persona, a maker of fingerprint readers for computers. CSOs won't be surprised to learn that Skaff's company has fielded many calls recently from state and local government clients that want to comply with federal authentication standards. "Some are spreading the word" about the technology's value, he adds.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Keeping Your Members Safe from Online Scams and Predators
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- WagerWorks Takes Fraudsters Out of the Game Using iovation
- Implementing Best Practices for Web 2.0 Security
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
