[Dataloss] (article) "We recovered the laptop!" ... so what?

lyger lyger at attrition.org
Thu Feb 8 00:03:02 EST 2007


http://attrition.org/dataloss/forensics.html

Wed Feb 07 21:55:51 EDT 2007
Jericho and Lyger

In May of 2006, the United States Department of Veterans Affairs publicly 
disclosed that "Personal data on about 26.5 million U.S. military 
veterans was stolen from the residence of a Department of Veterans Affairs 
data analyst who improperly took the material home", prompting widespread 
concern that the information, if in the wrong hands, could have led to 
multiple cases of identity theft. At the very least, the fear that even a 
government entity could have let such sensitive data fall into the wrong 
hands led many to wonder about the data security of less protected 
sources. The additional fact that the breach wasn't disclosed for almost 
three weeks after the theft initially did little to ease those fears.

Weeks later, the stolen laptop and hard drive were recovered from the back 
of a truck at a black market sale and sent to the United States Federal 
Bureau of Investigation for analysis. At the end of June 2006, the FBI 
issued a declaration that "the personal data on the hardware was not 
accessed by thieves", to which VA Secretary R. James Nicholson stated, "This 
is a reason to be optimistic. It's a very positive note in this entire 
tragic event." The question that needs to be asked, however, is how they 
could be absolutely sure that the data wasn't accessed. Simply because the 
FBI said so?

[...]

