VA Security Breach Update

The Veterans Affairs Department’s Secretary sent a letter to all veterans last week about the massive security breach caused by the theft of an employee’s laptop. An enclosure to the letter explains that the Department is taking the following remedial measures:

The Department of Veterans Affairs is working with the President’s Identity Theft Task Force, the Department of Justice and the Federal Trade Commission to investigate this data breach and to develop safeguards against similar incidents. The Department of Veterans Affairs has directed all VA employees to complete the “VA Cyber Security Awareness Training Course” and complete the separate “General Employee Privacy Awareness Course” by June 30, 2006. In addition, the Department of Veterans Affairs will immediately be conducting an inventory and review of all current positions requiring access to sensitive VA data and require all employees requiring access to sensitive VA data to undergo an updated National Agency Check and Inquiries (NACI) and/or a Minimum Background Investigation (MBI) depending on the level of access required by the responsibilities associated with their position. Appropriate law enforcement agencies, including the Federal Bureau of Investigation and the Inspector General of the Department of Veterans Affairs, have launched full-scale investigations into this matter.

More details on these remedial measures can be found in the testimony given before the House Government Reform Committee on June 8. Today’s Washington Post features an interesting article about the wider impact that this security breach is having on employees who work at home (telework).