Identity Crisis (Again)

Here we go again. Yesterday the Veterans Administration (VA) disclosed that vital identifying information for more than 26 million former military personnel and some of their spouses including social security numbers was stolen when a VA data analyst's laptop was taken from his suburban D.C. home during a burglary. VA officials say there is no evidence now that the thieves know what they have in their possession or that any of that the data analyst, who did not have permission to take the laptop home, was involved in a plot to steal the data. However, it is clear the information is very much in jeopardy. It is also clear that even after so many other high-profile incidents, organizations are still not learning the importance of protecting their clients' most vital assets- their identities.Since this incident was made public, analysts have offered a laundry list of solutions running the gamut from data encryption to dropping the linking of social security numbers to credit and other financial information. Honestly, as valid as the discussions around these topics may be I think we are overlooking the most basic issue. What the heck were 26 million veterans' names, birthdates, and social security numbers doing on a single disk or a laptop - a mobile computer? The fundamentals of physical security are being overlooked yet again. Companies, educational institutions, and government organizations need to get a grip on this data, literally.

Laptops can just walk away. And the best encryption in the world can be deciphered by cyber criminals. Organizations need to think through how they are managing - and that includes storing and accessing - customer records. Or else, we will all continue to be at risk.

Incidentally, if you have any concerns that your data may have been compromised in this most recent event please go to the First Gov site for more information.