[attrition] "We recovered the laptop!" ... so what?
lyger
lyger at attrition.org
Thu Feb 8 00:03:42 EST 2007
http://attrition.org/dataloss/forensics.html
Wed Feb 07 21:55:51 EDT 2007
Jericho and Lyger
In May of 2006, the United States Department of Veterans Affairs publicly
disclosed the fact that "Personal data on about 26.5 million U.S. military
veterans was stolen from the residence of a Department of Veterans Affairs data
analyst who improperly took the material home", prompting a mass concern that
the information, if in the wrong hands, could have led to multiple cases of
identity theft. At the very least, the fear that even a government entity could
have let such sensitive data fall into the wrong hands led many to wonder about
the data security of less protected sources. The additional fact that the
breach wasn't disclosed for almost three weeks after the theft did little to
initially ease those fears.
Weeks later, the stolen laptop and hard drive were recovered from the back of a
truck at a black market sale and sent to the United States Federal Bureau of
Investigation for analysis. At the end of June 2006, the FBI issued a
declaration that "the personal data on the hardware was not accessed by
thieves" to which VA Secretary R. James Nicholson stated "This is a reason to
be optimistic. It's a very positive note in this entire tragic event." The
question that needs to be asked, however, is how could they be absolutely sure
that the data wasn't accessed? Simply because the FBI said so?
[...]
More information about the attrition
mailing list