[Dataloss] (article) "We recovered the laptop!" ... so what?
lyger
lyger at attrition.org
Thu Feb 8 00:03:02 EST 2007
http://attrition.org/dataloss/forensics.html
Wed Feb 07 21:55:51 EDT 2007
Jericho and Lyger
In May of 2006, the United States Department of Veterans Affairs publicly
disclosed the fact that "Personal data on about 26.5 million U.S. military
veterans was stolen from the residence of a Department of Veterans Affairs
data analyst who improperly took the material home", prompting a mass
concern that the information, if in the wrong hands, could have led to
multiple cases of identity theft. At the very least, the fear that even a
government entity could have let such sensitive data fall into the wrong
hands led many to wonder about the data security of less protected
sources. The additional fact that the breach wasn't disclosed for almost
three weeks after the theft did little to initially ease those fears.
Weeks later, the stolen laptop and hard drive were recovered from the back
of a truck at a black market sale and sent to the United States Federal
Bureau of Investigation for analysis. At the end of June 2006, the FBI
issued a declaration that "the personal data on the hardware was not
accessed by thieves" to which VA Secretary R. James Nicholson stated "This
is a reason to be optimistic. It's a very positive note in this entire
tragic event." The question that needs to be asked, however, is how could
they be absolutely sure that the data wasn't accessed? Simply because the
FBI said so?
[...]
More information about the Dataloss
mailing list