Yo, R. James Nicholson....Bite Me

The BBQ Pit
1

So I get this charming letter from Veterans Affairs, signed by Mr. Nicholson.

It reads something like this:

*Dear Veteran,

Unless you’ve been living under a rock for the last month, you may have heard how we fucked up in a major way last month. One of our employees took his laptop home the other night, and damn if somebody didn’t burglarize his home. The stolen data contained your social security number, date of birth, detailed sexual history, account numbers for all of your credit cards, a map to your home, duplicate key to the front door, juicy excerpts from your phone calls now monitored by the NSA for your protection, and our most recent inventory of your household firearms. To protect yourself from serious financial and/or physical harm due to our bumbling incompetance, we strongly suggest you not be a moron when determining how to respond to the numerous phishing scams we have no doubt will soon be coming your way. Oh, and btw, since our data on you got stolen, we’ve asked our good friends at the IRS to foward this very important mailing to you. Sincerely Yours, R. James Nicholson, Chief Damage Control Guy.*

Now, I’ve been out of uniform for about 14 years. Used up the last of my GI Bill back in 1995. Got my full and final discharge from the Individual Ready Reserve (think that’s what they called it–the deal that means your ass still belongs to us for a couple years after you leave the military) around 1994. I have not contacted the VA for any reason since 1995. I’m way too old to be of much use to the military anymore, and I’m not about to cut my hair that short again anyway.

Why in the blue hell is any info regarding me and my military service on a laptop computer in the first damn place?

Since my info was on a laptop for some reason, why in the blue hell did that laptop not include a security device that would sound klaxons and trigger flashing lights in the event someone attempted to remove it from the building? Fucking Wal-Mart does that to Compact Discs, surely the US MIlitary can handle similar technology???

For some reason, my questions do not seem to be included in the handy dandy FAQ they so thoughtfully included in the mailing. The FAQ does, however, assure me that this probably won’t happen again. Ya see, they’re working with the President’s Identity Theft Task Force, the Department of Justice, the Federal Trade Commission, and the Super Friends. That Presidential Identity Theft Task Force sure sounds impressive. Right up there with FEMA. I’m sure that the loyal Republican Pig Farmer they’ve hired to run it is doing a “helluva job”. Maybe they’ll even get Pat Robertson to pray for me. I know I’ll sleep a lot better now.

2

I don’t quite understand, and hopefully someone here can explain this to me-

Why the hell is ANY sort of sensitive government information stored in any way on a friggin’ LAPTOP!?

3

Why do you hate America, Oakminster?

Do you hear that sound? It’s baby Jesus weeping for America. I hope you’re proud of yourself.

:slight_smile:

4

There was something similar here in Boston a few months ago when the Boston Globe sent out bundles of newspapers wrapped in scrap paper from their offices. The scrap paper had the names, addresses and credit card information for some of their subscribers.

The media reported on it, but missed the point. It’s bad that the information got out of their offices, but there’s no reason for it to be printed out in the first place. Credit card numbers are legitimately used for individual transactions only. There is no reason for anyone at the VA, or the Boston Globe, to have access to them in bulk.

Idiots.

5

  1. The reason your information is in the VA data base is because the military enters this information automatically for every person discharged since 1975. You also used your GI Bill, which means an education record was also established.

  2. The information was not stored on the employees laptop, it was on a group of computer disks that the employee had with his laptop. The information stored on these disks was raw data taken from the main veteran data base that the employee was using to do work from home (he was a Data Analysis). Robot Arm - from what I heard, part of this employees job description is to do reports from this information. Also, FWIIW, I, along with hundreds of other VA employees, have access to this very same information. Without it, we can’t do our jobs.

  3. I have seen a copy of the letter and the FAQ that was mailed to veterans and I think it is an honest, upfront letter. It basically states that VA fucked up and these are the steps you should take to protect yourself. It also states that so far there has been no evidence of identity theft, but there is no guaranty that there won’t be. I don’t blame vets for being pissed. However, I imagine there would be a lot more pissed off veterans if the VA ignored them and didn’t send out a letter at all.

  4. The military has nothing to do with securing VA records.

  5. As stated in my post from here - http://boards.straightdope.com/sdmb/showthread.php?t=372903 VA has always implemented record security, but obviously failed in this situation. I will ask you the same question I asked in the other thread. Outside of strip searching employees everyday as they leave the building or installing expensive scanning/alarm systems and chips in every VA office that holds records (hundreds), how would you have prevented this?

  6. The reasons why your FAQ weren’t answered, is that they already were answered in news articles or really weren‘t relevant (the mistaken belief that the military could secure these records). The information I posted above (that I think answers your questions), is information that has been in almost ever news story since this things first came out.

6

Ummm…I did take a bit of poetic license in describing the info stolen. According to the actual letter, the stolen info was limited to names, ssn, date of birth, and possibly a disability rating for affected Vets and some spouses. Thought it was funnier my way.

7

  1. Oh fucking wonderful. My info wasn’t in a laptop, it was on a floppy disk that might fit into somebody’s pocket. Brilliant. Even better is the notion of some underpaid computer geek writing reports about my personal data while he’s doing bong hits and waiting for the big guild raid in Everfuckingquest. I feel much better about it now.

  2. Preventing this isn’t my damn job. I had a fairly intense security clearance when I was in service. Signed all sorts of documents, waiving all rights and granting them permission to sodomize me with a cattleprod if I ever told another human being all of the classified information I’ve long since forgotten. I kept my promise to you. You figure out whatever you need to do to keep my info secure.

8

Data is data. If he can access it he can copy it and take it home to do some work. While I’m sure this isn’t the first time someone has taken stuff of this nature home it’s the first time something this catastrophic has happened. It’s from mistakes like this that lessons are learned.

9

I got the wonderful letter last week. I had already heard about it thanks to the Dope and the Daily Show.
We had better data control back in the 80’s when I was in. I am surprised by the cavalier attitude towards a fairly major data breach. I hope the idiots involved are headed for Leavenworth. I am not too worried about my data; it is old and partially out of date. But the idea annoys me to no end.

Jim

10

Beyond just that, why was it not backed up somewhere? Why was it not passworded and encrypted? The whole thing is fucking stupid.

11

I am not trying to make you feel better. Life has been hell around the office the last few weeks trying to calm veterans with things that we don’t even know ourselves. It’s been especially hard trying to reassure the elderly, poverty level, disabled veterans that everything they own won’t disappear tomorrow and they get tossed into the ocean. They don’t really understand what identity theft can mean to them. Believe me when I say, I am very much aware at what this ugly incident has caused our veterans. Thanks to the employee who took this work home with him, our jobs have become much more difficult that normal, and that is saying quite a lot as a VA employee during a war-time period. So again, not arguing against your anger, I am very angry too.

I am in no way making excuses for anyone to take home this type of data. We receive manditory training every year in very detailed and specific regulations regarding the Privact Act, FOIA, HIPPA, and electronic and hard copy record security. We know not to take personal information outside of secured areas. However, at this time, the VA is understaffed and under funded – during war-time. I can almost guarantee that this employee was feeling the stress and pressure in having projects done on time that he was willing to sneak work home with him. Again, not making excuses, just stating something that is highly possible especially knowing first hand the pressures VA employees are under right now. He was fired, and rightly so, but unless you know this employee on a personal level, your comments about bong hits and computer games are unfair.

Preventing this isn’t your damn job, I am only asking for your suggestion since you have such a great stake in it (YOUR personal records). I know what measures are taken to secure these records. I too have to grant permission to be sodomized by a cattle prod if I do not keep them secure at all times, but again, how do you suggest that these records be safeguarded when an employee (or in your case, military personnel) goes against regulations and takes the data home? Daily stripsearch before we leave the office? How could you have prevented it? I ask sincerely. I keep hearing that this should have been prevented - I agree, but so far I have heard nothing on how that should have been done.

One last nitpick. As I said before, the VA and the military are two entirely different entities. You kept your promise to the MILITARY, not VA. Not saying that your records should not be safeguarded, just trying to make sure you are understanding the difference between the two as this is the second time you appear to confuse them.

12

IIRC, it wasn’t on a floppy disk that could fit in someone’s pocket. It was on a removable hard drive. Those things aren’t all that big, but they certainly aren’t as small as a floppy disk.

13

:::sigh::: VA does NOT equal Military!!!
“Back when you were in” is irrelevant. This information was stolen from a Department of Veterans Affairs data base that a VA employee brought home from the office.

“Cavalier” attitude? Do you mean the 9000 meetings that have been going on? The press conferences? The firings? The working with credit bureaus to insure that every veteran is entitled to receive free credit reports? The thousands of government workers hired temporarily to man a special phone number set up to answer questions on this specific issue? The extended work hours and days to be available to talk to veterans about the theft? The immediate end to ALL work-at-home VA employees regardless of the data they have access to? The mandatory security tests that we were all required to take last week? The meetings upon meetings on how to solve this things and protect our veterans. Cavalier indeed.

FWIIW, you SHOULD be worried about your data. The most important data contained in those records are your name, date of birth, and Social Security Number. As far as I know, that information hardly every goes out of date and even if they do (i.e. name change), the data base will cross reverence.

14

“reference”

15

You’re all a part of the same government. I don’t care if your ID badge says VA, and not DOD. If you’ve got access to my records, you owe me. You owe me big. If it takes strip searches to keep my info private, then spread em and smile.

Poor VA. Boo-fuckin-hoo. You fucked up. Make it right, ASAP, with no whining.

16

So you are saying the VA has always had bad Data security? I ask this an IT person, rather than a vet.

I just meant by people on the board and some in the news. I think the VA is doing a good job handling the problem, now that they discovered the barn door was left open.

Good point; I was being naive wasn’t I? All the more reason for the person who took home the Data and the person in charge of data base security should go to a federal penitentiary.

Jim

17

I want to add:
Diane, my anger is not directed at you. In fact I think you are brave to even post in a pit thread that is likely to draw out a bunch of pissed off vets.

Thank you and try not to take the negative comments personally. This is just letting off steam at the VA in general for what appears to be an inexcusable mistake.

Jim {I really think it is remarkable you are subjecting yourself to the vitriol that is likely to appear in this thread, I am not as brave as you}

18

Um yeah, okay. You obviously don’t realize we are on the same side of the anger and argumen. You’re simply looking for someone to fight about it, so find someone who disagrees with you. I was merely trying to correct your erroneous information that you were spewing but you don’t want to hear any of it so I will just step back and let you spout off demands if it makes you feel better. In the long run, your records are still stolen and there really isn’t shit me, you, VA, or GeeDubya himself can do prevent your identity from being stollen if they get into the wrong hands.

And FYI, I don’t have an exact number, but a huge majority of VA employees are military veterans, quite a few of them service connected disabled veterans. I can promise you, no one is going to have body cavity searches to protect your records. Ain’t gonna happen, sorry.

19

If you will read the post I linked to, I explained there the security procedures that have been in place well before I started my career with VA almost 17 years ago. From my personal experience, VA has always been very tight and secure with records. As I said in the other thread, it takes three different passwords that must be changed every few weeks just to access the data. The system times out if inactive for more than just a few minutes. On top of this, a screen saver will also come one - a password protected screen saver (yet another password guarding this info). We have to be certified to access these records with yearly security training. The computers where this information is kept is in a locked keycard, employee only area. We know this information is not to leave the area, so AGAIN - how could VA have stopped this employee? An all inclusive data file such as the one that was stolen, is only accessible but very select few employees such as a data analysis. For the rest of us, these records are only obtained one at a time and we have to be able to bring them up with a SSN or SN.

The investigation is still ongoing. The employee and his supervisor have been fired will more possible firings down the road. He was wrong to take it home, but it is important to note that the employee had full authorized access to this information.

You are correct. It is an inexcusable mistake that VA needs to fix above and beyond the best of their ability. Even if the records are never used for identify theft, the amount of stress it has caused (especially for the elderly vets) is also inexcusable.

When you have worked as a counselor for disabled, homeless, and a variety of mentally disabled and/or pissed off veterans (some with armed guards) for as long as I have, pissed off internet message board veterans are a piece of cake. :slight_smile:

20

Diane, thanks again for your fight to keep Doper vets informed about the truth with this whole mess.

Will we ever get a name for the idiots involved in this idiocy? I figure it’s only fair that we know who these idiots are, since they’ve screwed with out personal information so much. I don’t want SSNs, I don’t care about addresses. But I want a name. I’d love a photograph, too. I’m thinking about getting out the dartboard, and replacing the photograph on it. :wink: