Source: Theft of vets' data kept secret for 19 days

Tuesday, May 23, 2006; Posted: 11:24 a.m. EDT (15:24 GMT)



http://www.cnn.com/2006/US/05/23/vets.data/index.html

sure... there's always been corruption, but nowhere close to this. Fuck you GOP!

And why did he bring such valuable material home anyway?

a good size segment of computer analyst types are always working
It may seem odd for non-computer people but a lot of us do as much work from home as we do at work (and I don't mean scheduled telecommuting)

It's a sort of addiction and you don't leave work at the office.
I've known a LOT of other computer weenies who are the same.

It was a Rovian ploy and you know it.

in order to do his work. I know of no telecommunicators that do that. All use their laptops at home to do a remote login to access the data which remains on the secure servers.

A stand alone database of 26 million detailed records is huge. How could a person even carry out any efficient reporting using only a laptop? 26 million records is a data warehouse.

you do on computers.
You're right... if you're a database consumer you have no reason (and likely little ability) to bring the entire database home.
If you are working on db structure, queries, reports... or even just external jobs that require the db it's not strange at all to want the entire db local. (better to mangle a copy than the real thing during development)

As for how large it is:
The article says it contained names, SSNs, and DOB... 26 million lines of that isn't that huge at all.
Assuming an entire kilobyte per record (which for those 3 fields would be overkill) 26 million records is still only 24 gigs.
A better design might push that down to well under 6 gigs

A 100 gig hard drive in a laptop is NOT unusual.

In shops where I have worked, there is monitoring software that would flag anyone attempting to make a standalone copy of a sensitive production database. Chances are, they would have been marched out by security before the copy was complete. There is no reason to carry the data when it could be accessed remotely by secured login arrangements.

If the lost data was actually a database "view", (a query result), then the whole picture would be clearer. The worker brought home a "view" to work with that. In any event this situation resulted either from some very sloppy data management or there is some larceny involved.

but you not being able to see that is beyond the scope of this discussion.

The article says it has only those 3 columns... not me.

Regarding you not being able to access data to copy it - that all depends on the type of access you have.
As I said before, as a db consumer there is no need for you to be able to copy a database.
As a developer or adminstrator it is very likely that you may need to do just that... and you will likely have the access to do it.

Regarding there never being a need for anything other than remote access you're incorrect.
It is incredibly common ( and smart ) to have multiple db copies during development of any software that directly manipulates that database.

In any case, I'm not saying this particular worker did or didn't do anything or claiming to know his motives.
I AM saying that scenarios in which this data might go home on somebody's laptop ARE NOT unheard of.

I have dealt with large databases from both developer and adminstrator perspectives.

white collar types are being pressed hard, even inside the Gov. The non-announcement actually makes some sense.

Its still a bad thing, but I don't see a conspiracy here, I see some guy trying to catch up.

that I have never heard of anyone carrying a huge standalone database of 26 million records off the premises to do some catch up work at home. In the first place, there is absolutely no need to do that. The master database can be remotely accessed using the laptop to login in to the production servers. You have both security and speed. Try querying 26 million records to run a big report.
I know of no organizations that have sensitive data that would even allow the master databases to be copied off to either CD's or large independent hard disks. Anyone caught doing that would be marched out forthwith, and with good reason.

Something about this whole deal seems bogus.

19 days on it seems there's a decent chance that whoever eventually got the laptop has wiped it

If the information of what was stolen was released the day after the theif would likely have just shopped the data around to ID theft rings.

toss the drive instead of selling it.

from the Tricare health system on May 1st, now the VA database was stolen on May 3rd? Kinda funny no?

http://www.govexec.com/story_page.cfm?articleid=33964&d

EDIT: I found the article, looks like the DoD thing happened sometime in early April, still odd, but I guess it wasn't coordinated?

they cant stop this kinda thing from screwing veterans?

Priorities, people.