DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA report to Congress on data incidents in October

Posted on November 17, 2010 by Dissent

The Department of Veterans Affairs October report to Congress on data incidents is available online. Here are some breaches of note contained in the report:

A Regional Office (RO) guard at the Veterans Benefits Administration in Tennessee found an unencrypted thumb drive inside the facility doors on October 8. The guard took the drive home to investigate and showed it to the guard’s spouse who “maintains a high security clearance thru Department of Justice and DEA.” The guard’s spouse identified the information on the thumb drive as VA sensitive information and the thumb drive was turned in VA custody the next morning. The thumb drive belonged to a VA staff member and had fiduciary information for approximately 240 Veterans and/or beneficiaries. Their full names, SSNs, DOBs, mailing addresses, medical data (health information), and other financial information was included. The thumb drive was the personal property of the employee. The employee was not authorized to maintain VA sensitive information on a thumb drive and had failed to follow VA policies and procedures. The thumb drive was unattended/lost for approximately 16 plus hours and the contents were seen by unauthorized persons. The 240 Veterans were offered credit protection services.

On October 15, an employee reported that multiple pages from an Oklahoma VAMC pulmonary laboratory log book were missing. The log book pages contained patient names and partial Social Security number along with lab test abbreviations. The pages missing from the lab log book could contain up to 1,950 Veterans’ names, appointment times and dates, last 4 of the SSNs, mod/unit, requesting physicians, tests, and lab numbers from 01/01/10 until 10/08/10. Although the military believes that the pages were likely shredded, since there was no proof that the log book pages were shredded, 1,950 Veterans received a notification letter. The VA also noted that due to the number of Veterans affected, public notice and HITECH submission would be required.

On October 25, the Education Department was moving from one storage area to another in the Bronx and a box containing information pertaining to 146 employees who took the Cardiopulmonary Resuscitation (CPR) test was left in the open. The location was accessible by employees as well as volunteers. Privacy information included employee’s names and social security numbers. The employees were notified and offered credit protection.

On October 25, a VA employee in Honolulu took home a list with 180 Veterans’ information, including their full SSN, to have his spouse help him develop a Word document from the list. The employee tried to email the completed Word document to his VA email account but the VA server rejected it. All the documents are back in the hands of the HIMS Chief. She has consulted with HR on the matter and will counsel the employee. The Veterans received a letter offering credit protection services.

Also for the month of October:

Total number of lost Blackberry incidents = 22
Total number of internal un-encrypted e-mail incidents = 79
Total number of Mis-Handling Incidents = 79
Total number of Mis-Mailed Incidents = 115
Total number of Mis-Mailed CMOP Incidents = 10
Total number of IT Equipment Inventory Incidents =2
Total number of Missing/Stolen PC Incidents = 4
Total number of Missing/Stolen Laptop Incidents = 10 (all encrypted)


Related:

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
Category: Breach Incidents

Post navigation

← ND: East Grand Forks man to plead guilty in ID-theft case
Se: Chlamydia 'refuseniks' face police round up →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.