Shocking, right? Well, it's even more shocking when you consider it had happened before. Less than a year earlier, another VA employee in the Washington, D.C., area brought home a laptop computer that held the names, birth dates, and Social Security numbers of 26.5 million veterans, only to have it stolen from his house. When one chagrined U.S. Senator pronounced the incident "absolutely baffling," then-VA secretary Jim Nicholson assured Congress he was "mad as hell" and vowed to aggressively reform security practices. Another federal agency set new guidelines for the handling of portable computers, including the use of special encryption technology to keep unauthorized people from accessing sensitive data.
But the computer lost in Alabama wasn't encrypted. Neither was a laptop stolen from the car trunk of a researcher at the National Institutes of Health in February. That laptop had detailed information -- names, birth dates, medical histories -- on 2,500 patients enrolled in a federal medical study. (In a twist you couldn't make up, one of them was Texas Congressman Joe Barton, who also happens to be the founder of the Congressional Privacy Caucus. "I was stunned," Barton said.)
The San Diego-based Identity Theft Resource Center says that 2007 was a banner year for what it calls data breaches, with almost 128 million records reportedly endangered by theft, loss, or hacking. That's more than six times the 20 million exposed records the group counted the previous year. "That's unacceptable," says Ari Schwartz of the Center for Democracy and Technology. "People should be angry."
No one has yet reported being victimized as a result of government sloppiness, but it's only a matter of time: Identity theft is the No. 1 fraud complaint registered by consumers, according to the Federal Trade Commission. Scam artists who steal personal data can easily use it to make some cool cash -- and wreck your life in the process. Data thieves can sign up for credit cards, take out loans, and even receive medical treatment and stick you with the bill -- or commit a crime and then hand your information over to the cops. Have fun clearing that from your record!
Portable computers have raised the risk. About one in five of the cases registered by the Identity Theft Resource Center so far this year involves a stolen or lost laptop. There was the U.S. Transportation Department laptop with data on 133,000 people that was swiped in July 2006 after a Miami-area employee left it in the back of his SUV when he went to lunch. In South Bend, Indiana, last November, a Memorial Hospital employee lost a laptop containing names, addresses, and Social Security numbers of more than 4,300 current and retired employees after reportedly giving it to a flight attendant to stow before takeoff.
It's not just our personal information, by the way, but also data with possible law enforcement or national security importance. A 2007 Justice Department audit found that the FBI was somehow losing 2.6 laptops per month, many with sensitive or classified information. More than 1,400 Energy Department laptops went missing in a six-year period, according to another audit. So much for homeland security.
Despite growing awareness of the problem, real safeguards are not in place. A February report by the Government Accountability Office found that only two of 24 agencies the GAO reviewed had implemented all the security measures recommended by the government. So it shouldn't be a surprise that the GAO also found that at least 19 of 24 agencies had experienced one or more breaches that could expose people's personal information to identity theft.
The same infuriating irresponsibility exists in the private sector: In March 2007, retailers T.J. Maxx and Marshalls admitted that 45 million debit and credit card numbers had been nabbed from their computer systems by hackers who most likely got it all wirelessly.
These kinds of incidents will continue until companies and the government take data privacy more seriously, says Linda Foley of the Identity Theft Resource Center. "People will take data home. It's just the way we are now," she says. "But there should be policies and procedures to protect this information, and they're lacking across the board." (Experts say banks and other financial institutions have generally been a happy exception to that rule.)
One step, which all but 11 states have taken, is for companies and the government to notify the public when their data has been put at risk. But it took the VA three weeks to warn vets after its first major laptop loss -- a reminder that it's time for Washington and corporate America to get off their rears and pay more attention to the private data sitting in their laps.
Do More…
While you may not be able to stop government carelessness, you can protect yourself against ID theft.
• Shred credit card information or any document with your Social Security number before throwing it away. • Make lists of your credit cards and emergency phone numbers in case your wallet is lost or stolen. • Check bank and credit card statements for suspicious charges, and order a copy of your credit report annually.
Original here
No comments:
Post a Comment