Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday.

The INFOSEC practitioner in me wants to beat some GS-half-wit @$$ . . . the ex-GI in me lowering my trousers and spreading ’em . . .

Captain Ed makes a good point at Captain’s Quarters: by design big programs are unlikely to betray us, but careless/clueless individuals may very well. Unlike say, a computerized program that looks at numbers, a human with someone else’s name, SSN, and other data can actually do damage and really violate your privacy (not to mention your bank account and credit rating). The jury is still out whether this was part of some cunning plan or just someone after someone else’s hardware (most likely). Either way I find it hard to believe taking this data home for some O/T work was authorized by superior or statute.

All related discussions are satellites around a core question: is our data our own or not? Pick on nanny-state Europeans all you like; they’d sooner give up a limb than personal data. Trading in personal data w/o authorization might cost you a (figurative) limb. Barring the creation of a similar situation here in the US, what constitutes misuse and abuse of personal data will remain very much a point of view.

About the Author

Michael Tanji

Michael Tanji spent nearly 20 years in the US intelligence community. Trained in both SIGINT and HUMINT disciplines he has worked at the Defense Intelligence Agency, the National Security Agency, and the National Reconnaissance Office. At various points in his career he served as an expert in information warfare, computer network operations, computer forensics, and indications and warning. A veteran of the US Army, Michael has served in both strategic and tactical assignments in the Pacific Theater, the Balkans, and the Middle East.