Here is one link to the story, which is everywhere by now:
http://govexec.com/story_page.cfm?articleid=34134&dcn=todaysnews
My question is, what kind of format would you use to make this amount of information managable to get home? A bookcase full of DVDs?
And a follow-up–what kind of memory would you need to have on your home machine to even work with that number of cases?
The name, date of birth, and disability rating presumably don’t take up much space. Let’s give ourselves a large margin of error and say that there was 100 bytes of information for each veteran. That makes 2.65 billion bytes total, or 2.65 gigabytes, to be technical. It would take up only a small fraction of the space on a typical hard drive. Indeed, I presume that the wayward VA employee brought a harddrive home and later it was stolen.
It’s not that much data by modern standards - say 3,000 bytes per vet and you are only talking about 79.5 meg, less than the capacity of an average notebook HD.
That’s 79.5 gig I think you meant to say. 
I think you mean 79.5 gig, but you’re right that this would fit on a fairly standard hard drive; those bus-powered USB hard drives are about 80 gig for the mid-price models.
Does anyone know if the yahoo who took this information home is going to be fired? So far I’ve seen nothing about a name or any punative actions for him.
I think, in private sector, any employee who’s actions were prohibited by policy who then lead to a potential hazard of this magnitude for this many people would be sacked so fast his or her pants would still be in the office while they started collecting unemployment.
(I’m particularly annoyed since I’m one of those millions put at risk by this idiocy.)
I heard on NPR that the employee was placed on administrative leave.
Even though others have demonstrated that space would not be an issue, I am astounded that anyone would download this much data onto their work PC unless they had some sinister motive. If they could download it, they must have access to it on the VA database, and therefore wouldn’t need the whole damn thing on their PC.
I used to pretty regularly deal with a 3-4 gigs of data at home WRT the inventory system for the company I used to work for, and that was about 1/12th of the whole DB. I was working on custom filtering tools, stock balancing tools, stuff like that. When you are writing such things and need sample data you want an offline copy for fear of an error in a query making sweeping changes to the live data on the system.
Like it or not, alot of people do this kind of thing, sometimes to meet deadlines, sometimes to make themselves look good. A little ambition and drive can go a long way, as long as something like the above mentioned theft does not happen.
The story I read in the Washington Post said, “The burglar or burglars took a laptop, an external drive and some coins.” It’s not clear whether the data was on the laptop or the drive. One possible scenario is that the employee hooked up the drive at work, downloaded from the network, then reconnected the drive to his laptop to work offline. There are lots of non-sinister reasons someone would want to do this, in the sense of “stupidly violating policy with the only the best of intentions.” It is not clear whether this person was using the data to develop some sort of report or software, or looking at the data itself.
None of the stories say whether the data was encrypted, or what the employee was doing with it. If this was a sophisticated user, he could have downloaded an entire database and was using a DBMS to work with it. That would not be terribly useful to someone who didn’t know what they were doing. I would be very surprised to find out that the data was in clear text.
My heartburn with all of the media coverage is that if the burglar didn’t know what he had then, he sure knows now.
I skimmed the story, does it say how the data was stolen? Did the whole machine get taken?
If the PC or laptop was stolen there is a chance that the theif wont know what to do with the data, they may just wipe the drive and try to sell the thing as a refurbished computer.
If they stole just the data… how was this found out?
In any case, if the theif didn’t know what he was getting when he stole the machine, he certainly knows now!
CookingWithGas, Wow!
Cooking with Gas, and Uncommon Sense, I see your points about the media coverage, but I don’t think it could have been avoided. The simple number of people at risk because of this data leak is such that I don’t think they could or should keep quiet about it. And since, IIRC, the theft actually took place over a week ago, now, it’s unlikely the thief still has the computer in his or her possession. AIUI most thieves want to turn things over ASAP. It may well be that the person who does have the computer won’t be aware what’s on it, unless they do a detailed inspection of the harddrive.
The report I saw was that a laptop and external hard drive were stolen. You can buy a half-terabyte portable drive (500 GB) quite easily and cheaply these days.
Even without an external drive, you can readily get 100 GB drives in laptops. And, even though it doesn’t appear one was involved in the VA case, you can stuff up to 60 GB into an iPod and be completely “under the radar.” When’s the last time you looked at someone with an iPod and thought “Hmmm… I’ll bet they’ve got more data than music on that thing!”?
Has anyone found the exact dates of discharge covered by the database?
All I’m finding is “mainly those veterans who served and have been discharged since 1975.”
Now President Bush was discharged on November 21, 1974, which is darn close to 1975.
Is the president now vulnerable to identity theft?
Part of my job during management software implementations would be “data cleansing”.
Still, I did care for that laptop like it was a piece of me.
Thanks for the explanation, drachillix. I’m an applications programmer and haven’t ever run into the need to store vast amounts of data locally. Plus, I can log on from home and access the production database, so downloading would just be a waste of time and space for me.
Thanks for the replies, you’ve all answered my questions.
One story I read said the information was not encrypted; that is pointed out as being one of the things that the employee did that was against policy, take unencrypted data out of the office.
Also, as later stories come out and more is revealed, it happened about 3 weeks ago. They didn’t want to alert the thief to what he or she had, but it has been so long, they felt they no longer had a choice about it.