VA to pay $20M to settle data theft case

By Layer 8 on Wed, 01/28/09 - 9:11am.

The Department of Veterans Affairs has agreed to pay $20 million to military personnel to settle one of the government's most high-profile and embarrassing data theft cases.

The VA data theft in 2006 involved the theft of a laptop from an employee's home that contained the unencrypted personal records of 26.5 million military veterans and their spouses. The breach led to several new laws concerning how the government and public companies are to treat such breaches. The laptop was ultimately recovered and the VA maintains that no personal data was ever compromised.

The invasion of privacy class action settlement says veterans who show harm from the data theft will be able to receive payments ranging from $75 to $1,500. If any of the $20 million is left over after making payments, the leftovers would be donated to veterans' charities.

While the VA case generated a lot of animosity and some changes, when it comes to securing private information the US government still has a long way to go. A Government Accountability Office report last year found that only 2 of 24 agencies had implemented all of the security requirements mandated by the Office of Management and Budget last year to protect personal information.

According to the GAO report, the Treasury Department and the Department of Transportation had implemented the strongest security, while the National Science Foundation and the Small Business Administration were the worst.

This month the GAO singled out the IRS, saying that while the agency has made some progress in protecting and securing its data, the IRS continues to jeopardize the confidentiality, integrity, and availability of financial and sensitive taxpayer information.

Until these weaknesses are corrected, the agency remains particularly vulnerable to insider threats and is at increased risk of unauthorized access to and disclosure, modification, or destruction of financial and taxpayer information, as well as inadvertent or deliberate disruption of system operations and services.

  
