With a little computer savvy and a few keystrokes, identity thieves can invade your privacy, run up your credit card bills, pilfer bank accounts and create years of financial nightmares.
A name, date of birth and Social Security number are all the thieves need. Because of slipshod procedures to protect computer data, the Department of Veterans Affairs might have given them just that.
Sensitive information on 26.5 million veterans discharged since 1975 was stolen from the home of a VA employee who improperly brought the material home to work on, officials announced Monday. It's of small comfort that the burglars probably don't even know what they stole.
The theft -- one of the largest breaches of identity security ever -- occurred even though the VA was on notice for years from its inspector general that its information security was lax. Even more disturbing is that the VA apparently learned nothing from the more than 130 reported breaches at banks, credit card companies, colleges and a giant data broker that exposed more than 55 million Americans to ID theft last year alone.
The episode is all the more reason to be skeptical when the government says "trust us" on security and privacy matters, such as with the National Security Agency's secret collection of phone records of millions of Americans.
If you think such sensitive data couldn't get beyond the office walls, recall the case of former CIA director John Deutch, who was accused of storing hundreds of highly classified reports on unsecured home computers, leaving them vulnerable to theft. (President Clinton pardoned Deutch in 2001.)
The VA analyst who brought his work home violated department procedures and was placed on administrative leave. But privacy advocates are astonished that the data wasn't encrypted, which would have rendered it useless to all but the most sophisticated computer hackers. Failure to encrypt is like sending a bank armored vehicle to transfer cash with no guards.
In our digital age, Congress and state lawmakers need to establish basic protections for information. The rising industry of data brokers needs more oversight. Anyone who handles sensitive information should be aware of federal privacy laws and punished for violations.
It's hard to take seriously government warnings about how to prevent ID theft when the government itself is so lax about protecting sensitive data.
Find this article at: