VA Worker Took Data Home For Years Before Break-in

The agency admitted it didn't even know if that practice had been approved by the man's superiors.

May 26, 2006

2 Min Read
Network Computing logo

The Veterans Affairs analyst who lost 26.5 million veterans' identities when his home was burglarized had been taking data home since 2003, the department's inspector general said in testimony before Congress Thursday.

The agency admitted it didn't even know if that practice had been approved by the man's superiors.

VA Inspector General George Opfer told a joint hearing of the Senate's Committee on Veterans' Affairs and its Committee on Homeland Security that the unnamed data analyst had apparently taken confidential data home for years.

"The employee, a data analyst, was authorized access to sensitive VA information in the performance of his duties and responsibilities. He said that he routinely took such data home to work on it, and had been doing so since 2003," Opfer said during the Thursday hearing.

"The employee told us he took the data home for work-related purposes," Opfer continued, talking of the ongoing investigation his office is conducting. "However, none of his supervisors we talked to said they were aware that the employee had taken the file containing approximately 26.5 million veterans’ records to his residence."Opfer's testimony was almost as much about what the VA now knows -- three weeks after the break-in -- as what it doesn't know.

"We are also identifying what VA electronic data the employee stored at his home, whether the employee had an official need for the data, why he took it to his home, and who in his supervisory chain approved or had knowledge that he had done so."

Opfer also laid out a string of criticism of his agency's IT security to the Senate, repeating what he'd said in a briefing report filed this week that said he'd noted "material weaknesses" in the VA's security provisions since 2001.

"The VA is at risk of denial of service attacks, disruption of mission-critical systems, and unauthorized access to sensitive data," he said at the hearing.

"By not controlling and monitoring employee access, not restricting users to only need-to-know data, and not timely terminating accounts upon employee departure, VA has not prevented potential risk," he went on.On Thursday, authorities also announced a $50,000 reward for the return of the laptop and external hard drive stolen from the analyst's home on May 3. The VA employee lives in Aspen Hill, a Maryland suburb north of Washington D.C. The Montgomery County police department's Crime Solvers program is taking calls at 866-411-8477 for the reward, which was posted by the VA and the FBI.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights