What You Can Learn From the VA's Snafu

By CIOinsight  |  Posted 05-24-2006

It's one of the largest single thefts of personal data ever reported: On Monday, the U.S. Department of Veterans Affairs said that information on more than 26 million veterans was stolen from the home of an agency employee.

The data, stored on a laptop and external hard drive, included veterans' names, birthdates and Social Security numbers, although VA officials said there wasn't evidence that any of the data had been used to steal anyone's identity.

Could such a massive security breach happen at your company? Absolutely, experts say.

"This isn't an anomaly—laptops are lost or stolen all the time," says John Livingston, CEO of Absolute Software, a Vancouver, Canada, firm that provides laptop recovery and tracking services. "The world is getting more portable and mobile, so the problem isn't going away." According to Safeware, a Columbus, Ohio-based company that sells insurance for laptops, about 600,000 portable computers are stolen each year in the U.S.

In fact, some are surprised that the wholesale loss or theft of high-value data doesn't occur more frequently.

"Nobody should be surprised about this kind of thing," says Rick LeVine, a senior manager in Accenture's global security practice. "It's going to take several high-profile incidents at Fortune 500 companies to cause people to say, 'Oh, my God, one guy's cell phone can lose us a billion dollars.'"

Here are two key tips from security experts on what companies should be doing to prevent data from unexpectedly walking out the front door.

1. Control data access at the source. Security watchers express amazement that a single individual at the Department of Veterans Affairs was able to access such a huge collection of data, much less carry it home with him.

Read the full story on eWEEK.com: What You Can Learn From the VA's Snafu