DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Is the Veterans Administration doing enough in mitigating breaches? One veteran says “No.” Here’s why.

Posted on August 3, 2015 by Dissent

Benjamin Krause, an investigative reporter, Veterans law attorney, and a disabled veteran of the US Air Force, has a site called DisabledVeterans.org. One of his posts showed up in one of my searches, and I thought it was worth noting here.

In the context of discussing a recent VA breach and government accountability, Benjamin writes:

I personally had VA VocRehab mistakenly mail an entire copy of my file to my old address from two years earlier – a large apartment complex in a major American city. There is no telling where the files ended up.

Veterans Affairs indignantly declined to proactively retrieve the documents and told me to call the cops if I was worried about it. I repeat, the agency made me do the leg work to try to recover my files that were mistakenly delivered to the wrong address.

I did call the cops. They were confused why VA would not take charge of the recovery of my files and said their was little they could do unless a crime was committed.

VA offered me one year of identity protection. That was it. Meanwhile, over 1,000 pages of files containing everything about me were misplaced and now floating around somewhere in the United States.

Did anyone get reprimanded for the cockup? No. Did I get the records back? No.

What a crock. How is it that we live in a country where the Federal government is not held accountable?

It’s an excellent question. All a-flutter over the OPM breach, Congress is trying to enact legislation that will provide longer credit monitoring and greater liability protection to those affected by that breach, but as Benjamin notes, after-the-fact credit monitoring is often not sufficient nor satisfactory.

Should the VA have gone to the apartment complex or attempted to track down Benjamin’s errant files if they erred by not updating his mailing address? According to the VA’s monthly reports to Congress, mailing errors happen (there were 161 paper mis-mailing incidents in June, 2015). Indeed, paper incidents account for the bulk of VA breaches that result in the exposure of personally identifiable or protected health information.

But if the VA sends out literally millions of mailings each month (over 7 million in June, 2015), is 161 an acceptable error rate? If not, should the VA reduce paper mailings where electronic transmission is a viable alternative? Or should it use a more costly mailing system – of requiring a signature for delivery – when a veterans’ files with sensitive information are being mailed?

Mistakes will happen either way, and Benjamin raises a valid question: what should the VA do to mitigate or remediate? Could they have at least initiated a trace request with the post office? Why should Benjamin – or any other veteran – have the burden and worry of trying to track down their personal and sensitive information when the VA makes a mistake? Don’t our veterans have enough problems without being told that the VA won’t even try to track down their mis-mailed records?

 

Category: Commentaries and AnalysesGovernment SectorHealth DataU.S.

Post navigation

← OPM Data Breach Update
Anonymous Hacks Waller County Sheriff’s Department Computers For Sandra Bland – Or Did They? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.