RealTime IT News

Top Dem Blasts Latest VA Data Loss

U.S. Senate minority leader Harry Reid wasted little time finding fault with the Veterans Administration's (VA) latest security breach, calling for the resignation of VA Secretary Jim Nicholson.

Earlier this week, the VA reported a desktop computer with personal information on as many as 38,000 veterans is missing from a VA subcontractor's office.

"Enough is enough. Secretary Nicholson must resign immediately and be replaced with an individual who will do more than talk, but deliver on the promises America makes to those who serve," Reid said in a statement.

The breach follows a May disclosure by the VA of a stolen laptop containing personal information on approximately 26 million veterans.

The laptop was eventually recovered with no apparent incidents of identity theft.

After the May breach, both the House and the Senate held hearings on the VA's security procedures. Nicholson testified at both hearings.

"Last October, I approved a major restructuring of information security within the department, far, far before this incident occurred and reached the light of day," Nicholson testified.

"This restructuring ordered the centralizing of almost all of the information technology within the department to come under the chief information officer."

Nicholson said the May breach "accelerated" the VA's security consolidation and promised lawmakers the VA would set the standard for other government agencies when it comes to security of records.

Then came this week's breach.

"Less than a month after promising to make the VA the 'gold standard' in data security, Secretary Nicholson has again presided over loss of the personal information of thousands of veterans," Reid said.

Nicholson issued a statement after this week's breach stressing there is still work to be done on the VA's security restructuring.

"VA is making progress to reform its information technology and cyber-security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead," Nicholson said Monday.

In May, VA Inspector General (IG) George Opfer told Congress serious security issues remain at the VA.

"In all four audits of the VA Security Program issued since 2001, we reported serious vulnerabilities that remain uncorrected," Opfer said.

"These reports highlight specific vulnerabilities that can be exploited, but the recurring themes in these reports are the need for centralization, remediation, and accountability in VA information security."

Since 2001, Opfer said the IG's office has reported weaknesses in "physical security, electronic security, wireless security, personnel security and FISMA reporting."