A report released on Tuesday from VA Inspector General George Opfer stated that the U.S. Department of Veterans Affairs failed to understand the significance of the data breach in early May and responded with “indifference and little sense of urgency.”A GovExec.com article states the 78-page report reviewed the circumstances surrounding the May 5 theft of a laptop computer and external hard drive from the home of a data analyst who had worked at the VA for 34 years. The stolen equipment contained personal information on more than 26 million veterans.Opfer found that while the analyst was authorized to access and use the database, he did not have permission to take the information home, and he failed to encrypt it or protect it with a password, GovExec.com reports.Additionally, the analyst’s supervisors told inspectors they were not even aware that he was working on the project, but said if they had known, they would not have allowed him to take the data home. The report also states department policies for protecting personal and proprietary data were not followed. However, none of the policies prohibits removal of protected information from the work site. Opfer also said these information security weaknesses have yet to be corrected.Opfer’s report recommended that VA Secretary James Nicholson take whatever administrative action he thinks is appropriate against employees involved, establish clear and concise information security policies, and modify cybersecurity and privacy training, according to GovExec.com. GovExec.com reports House Veterans’ Affairs Committee Chairman Steve Buyer, R-Ind., said in a statement that the report reiterates what was learned in a series of committee hearings, specifically that “weak information security policies and a lack of central authority over information management left the department vulnerable to massive breaches.”Rep. Lane Evans, D-Ill., a ranking member of the committee, said the “utterly dysfunctional leadership” was one of a series of failures resulting in the data breach, and Nicholson’s next steps must include a review of why his managers and advisers “botched it and failed to report the matter to him.” Compiled by Paul KersteinFor more information, read Data Breach at the VA and When the Dike Breaks: Responding to the Inevitable Data Breach.Keep checking in at our Security Feed for updated news coverage. Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Android Security Mobile Security news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities opinion Cybersecurity professional job-satisfaction realities for National Cybersecurity Awareness Month Half of all cybersecurity pros are considering a job change, and 30% might leave the profession entirely. CISOs and other C-level execs should reflect on this for National Cybersecurity Awareness Month. By Jon Oltsik Oct 03, 2023 4 mins CSO and CISO Careers Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe