Data breach exposes 4 million veterans
ROS sends a link to the news that some bonehead contractor had computer back up tapestolen which has exposed nearly 5 million veterans’ personal information to fraud;
The information for some 4.6 million active and retired military personnel, as well as their families, was on back up-tapes from an electronic health care record used to capture and preserve patient data from 1992 through September 7 of this year, according to Science Applications International Corp (SAIC).
The families used the federal government’s TRICARE health provider. SAIC is the suburban Washington firm that handles military health provider TRICARE’s data.
The tapes went missing on September 14 when they were “among items stolen from an employee’s car in San Antonio,” SAIC spokesman Vernon Guidry told Reuters.
Yeah, it happened more than two weeks ago, so why are we just finding out about it now?
The SAIC statement said the company withheld information about the breach until Thursday so it could “determine the degree of risk this data loss represented before making notifications” so as “to not raise undue alarm in our beneficiaries.”
Yeah, why don’t you let us beneficiaries evaluate the risk for ourselves – when it happens.
It seems to me that this stuff happens every year – and it’s always a contractor. WHy were the tapes left unattended in a car if the contractor was transferring the tapes between facilities?
That’s why I have LifeLock, because the government isn’t a good steward of my personal information.
Category: Veterans Issues
Fist of all I work in IT so I understand about security. It should be criminal that backup tapes are in the back of an employees car. That’s bad enough, then to have unencrypted tape too. I assume they are, contractors aren’t real smart about that stuff. Grrrr.
Here’s a thought, if the tapes were in a case it’s likely they were stolen as a snatch and grab, thinking that something inside might be valuable. One of my workers had his car broken into when he left an EMPTY laptop case out in plain sight. If they were in a box that could be looked into, then thye were stolen on purpose.
By the way, SAIC is hardly a “suburban Washington firm.” SAIC was founded in LaJolla, California where its international headquarters still resides. In the mid-eighties, then Science Applications Incorporated (SAI) was reorganized as a Virginia corportaion and took the name they now use. I worked for their Orlando, FL division from 1982 to 1988, when I went on active duty in the Marines.
They are a very diverse multi-billion dollar corporation that has been involved in one way or another with data processing, computer engineering, etc. for decades. They’re not some mom-and-pop operation working out of somebody’s garage as the article seems to imply, and they certainly should know better. They should be held liable to the full extent permitted by law.
Having veterans/SM’s personal data stolen is an annual event.
I wonder if this particular contractor (soon to be unemployed and unemployable in the field) was working on one of Jonn’s pet projects: the merging of DA/DAF/DON medical records with the VA’s?
Note to self: send another resume to SAIC.
Correction to my previous post: SAIC was reorganized in Delaware, not Virginia during 1982. The McLean, VA office is one of the oldest and largest branch offices of SAIC.
Aaaaaaand they’re going to fix this how?