Earlier today, I posted an item and commentary about a breach affecting veterans in Wisconsin. Adam Schrager’s report indicated that there were recurring problems and that the VA knew about these problems but has not addressed them to prevent recurrences. One of the problems involves the VA’s software not flagging SSN that are unhyphenated for mandatory encryption. The VA reportedly does that intentionally because flagging all 9-digit numbers would generate a lot of false positives. The VA did not explain why they didn’t therefore require that all SSN be entered with hyphens. The second problem is that VA personnel are sending information such as SSN and disability claims information to recipients who do not have the clearance to handle such sensitive information.
In an update, Adam now reports that Wisconsin senators are demanding answers from the Veterans Administration. To which DataBreaches.net says, “Good!” They should not be allowed to knowingly and repeatedly put veterans at risk of identity theft.