ID theft scandal reveals 'persistent and longstanding


ID theft scandal reveals 'persistent and longstanding

Tash Shifrin

Investigators looking into the theft of US Department for Veterans Affairs data on 26.5 million former soldiers have slammed the department’s “persistent, longstanding” information security weaknesses.

The criticism came at US Congress hearings following last month’s theft of VA department records – including the names, social security numbers and dates of birth of 26.5 million veterans – from the home of one of the department’s data analysts.
The Government Accountability Office and Veterans Affairs inspector general told how an investigation into the scandal had revealed warnings that were ignored, weak management and lax rules.

The VA department had routinely failed to control and monitor staff access to confidential data, did not operate "need-to-know" restrictions and often failed to close the accounts of staff who had left quickly enough, the investigators said. Nor did the department have a clear chain of command for enforcing security measures.
Linda Koontz, a director on information management at GAO, told a congress committee, “Much work remains to be done. Only through strong leadership, sustained management commitment and effort, disciplined processes, and consistent oversight can VA address its persistent, long-standing control weaknesses.”

The VA’s chief information officer lacked power to enforce security, and the department had a culture that was resistant to change, she warned.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy