VA Laptop Didn’t Inhale
by matt at 6:00 am on June 30th, 2006 in GeneralA few weeks ago, the Veterans Administration received a big black eye when it was discovered that a laptop chock full of veterans’ personal information had been stolen. The laptop has been recovered, and something smells fishy:
The government has recovered a stolen laptop computer and external hard drive that contains the birthdates and Social Security numbers for millions of veterans and military personnel, the Department of Veterans Affairs said Thursday.
The Federal Bureau of Investigation said in a statement from its Baltimore field office that it appeared that the data had not been copied or misused.
“A preliminary review of the equipment by computer forensic teams has determined that the database remains intact and has not been accessed since it was stolen,” the statement said.
Now I know we have tech expert readers, and I want to know if the FBI statement is plausible, because reputation and a lot of money is at stake:
The department offered to pay for a year of free credit monitoring for the veterans, which it said would cost about $160.5 million. The director of the White House Office of Management, Rob Portman, suggested Wednesday that the department pay for such monitoring with about $130 million from a food stamp employment and training program, a farmers’ assistance program, student loans and a program for young people released from prison.
It’s cute that they were going to penalize food stamp recipients and students for the VA’s mistake, and now that they are claiming that the data is intact and un-viewed / un-copied, it’s kind of a “no harm, no foul” situation for them. But is it really? If someone hooked up the drive and computer to another device (iPod / flash drive / hard drive) would that even leave a record behind?
Winux wrote:
The FBI statement that the data was not accessed is not plausible. It is entirely possiblet to remove the hard drive from the laptop, clone it, and then re-insert it back into the laptop. This would make it look like nothing was done.
What is more disturbing is the fact that no arrest was made. I think someone is covering up for someone, and that this was all an inside job……
Posted 30 Jun 2006 at 6:25 am ¶
marc wrote:
I’m still wondering about the person who returned it. How did the laptop just “turn up”? And did they get the $50,000 reward money?
Posted 30 Jun 2006 at 7:15 am ¶
sarabeth wrote:
WaPo:
Posted 30 Jun 2006 at 7:47 am ¶
GG wrote:
If someone just connected an external storage (like a flash drive or even those USB storage keys) and copied all the data on that, nobody would be able to tell.
What sounds weird to me in first place is: why would anybody keep that much data (26.5m records) on a laptop hard drive? That’s too much data to be kept on a laptop. Usually, this kind of data is kept in database servers to which people are given access permissions to run queries and retrieve a part of data when they want.
Even if the person had permission to take the laptop home, they would be able to connect to the database servers remotely and do whatever they want. Still doesn’t make sense to keep all that data on your laptop (unless they intentionally want to lose sensitive data…).
Posted 30 Jun 2006 at 9:57 am ¶