Report: VA not doing enough to protect data
GAO finds veterans' information still vulnerable
YOUR E-MAIL ALERTS
WASHINGTON (CNN) -- The Department of Veterans Affairs has not done enough to protect its data in the four years since it was first warned of problems, according to a report from the Government Accountability Office.
"Although VA has taken steps to implement components of its security program, its efforts have not been sufficient to effectively protect its information and information systems," the report said. "As a result, sensitive information, including personally identifiable information, remains vulnerable."
The 38-page report, released Wednesday, comes about a month after a laptop was stolen from the home of a Veterans Affairs employee who, in violation of agency regulations, had taken it to a private residence.
It contained Social Security numbers, names and addresses of more than 26 million veterans as well as perhaps millions of current service members and reservists.
Neither the laptop nor the data has been recovered. Investigators have said it might have been taken by thieves whose operating procedure after allegedly stealing other computers in the area was to erase the data and try to resell the equipment
The VA needs to address its "persistent, long-standing control weaknesses" with strong leadership and a commitment from management, said the report.
It lists many problems with the agency's security that date back to 1998, including: staff members sharing the same password; a continuing delay in developing a program to monitor suspicious activity; the lack of a program to effectively stop unauthorized access to the network; and employees being able to obtain sensitive information without management approval.
According to the report, the GAO made a number of recommendations in 2002 that were "aimed at improving VA's security management " but the agency has not done enough over the years and "much work remains to be done."
|© 2007 Cable News Network.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us. Site Map.