By David Hubler
Oct. 11, 2006
As another instance of data loss at the Department of Veterans Affairs
comes to light, the VAs Office of the General Counsel (OGC) has awarded
a contract to Identity Force for identity theft protection services for
more than 5,700 citizens, 660 of whom were veterans.
The number of individuals who enroll in this opt-in program will
determine the value of the contract, Identity Force said in a statement.
The contract is the result of a May 8 incident in which a backup data
tape was reported missing from the general counsels regional office in
Indianapolis, Ind., said VA spokeswoman Jo Schuda.
She said the missing data contained mostly legal records dating back to
the 1970s. Along with the legal issues there were attorney work
products, she said. The data contained entries for any kind of legal
cases that the attorneys worked on, not necessarily veterans.?
The office sent notification letters this summer to as many of the
individuals involved as possible, she said. But they couldnt find
complete addresses for some because of the age of the cases, Schuda
added. About 2,000 of the more than 7,000 individuals were deceased.
There is no indication any of the affected individuals have suffered
problems as a result of this missing tape, but in order to be doubly
sure we have also purchased the services of ID Analytics to perform data
breach analysis in order to detect any organized misuse of these data,
according to a statement OGC issued today.
Schuda said she did not know if the tape was lost or stolen and whether
it has been recovered.
The incident occurred the same month that a VA laptop PC and disks
containing personal information on 26.5 million veterans were stolen
from an employees home. The FBI later recovered the computer with no
signs that personal data had been compromised.
In August, a laptop containing insurance claims data on about 20,000
veterans who were treated at the Pittsburgh and Philadelphia VA medical
centers was stolen from the Unisys office in Reston, Va. Unisys was
under contract to track the claims.
As a result of those incidents, VA Secretary Jim Nicholson established
the VA information security program, setting standards for accessing
information systems and requiring officials to report compliance
failures or policy violations immediately. He also ordered annual
cybersecurity and privacy awareness training for all VA employees.
Identity Force said that under the terms of the contract, the
Framingham, Mass.-based company is providing the following services:
* Online and toll-free access for individuals to enroll in the Credit
Monitoring Services program.
* Automatic daily monitoring of Equifax, Experian and TransUnion credit
* Alerts of any key changes to credit reports.
* On-demand personal access to credit reports and scores.
* Dedicated fraud resolution representatives available to counsel and
assist victims of identity theft.
* A $20,000 identity theft insurance policy.
Identity theft is the fastest growing crime in the United States, and we
applaud the VA for implementing a response to protect people potentially
affected and to detect attempts to use the lost data to commit fraud,
said Judy Leary, president of Identity Force, in the statement.
This contract is a perfect example of how the federal governments new
blanket purchase agreement for identity theft and credit monitoring
services helps government agencies develop rapid responses to data
losses or security breaches, she said.
Visit the InfoSec News store!