Join Mike Chapple for an in-depth discussion in this video The Veterans Affairs (VA) breach, part of Inside the Breach.
(dramatic music) - [Instructor] On May 3rd, 2006, two teenagers broke into a home in suburban Maryland and stole some electronic equipment that included a laptop computer and external hard drive. What they didn't know is that their petty burglary was about to become national news and that they would soon have a $50,000 reward on their heads.
The national interest in this case stemmed from the fact that the devices belonged to a data analyst with the US Department of Veterans Affairs and what the thieves didn't know is that those devices contained the names, social security numbers, birth dates and other sensitive information belonging to over 26 million military veterans and active duty service members. Unlike many breaches that take place in the private sector, we have extensive information available to us about the investigation of the VA breach.
This report issued by the VA's Inspector General provides a detailed critical look at the circumstances leading up to the breach as well as the VA's short-term and long-term response. If you're interested in learning more about the VA breach after watching this course, I encourage you to read through a copy of the investigation report. The employee who was never named in public reports had loaded large quantities of sensitive information onto the stolen devices as part of what he called his fascination projects.
He was pursuing several lines of research that he thought would benefit disabled veterans and he didn't have enough time to work on them at the office, so he brought the data home two years prior to the theft and left it there despite not having recently worked on the projects. The data stolen in the breach was wide ranging. Later investigation revealed that the external hard drive likely contained five sensitive files. The first and potentially most damaging contained 26 million records from the Beneficiary Identification and Records Locator Subsystem or BIRLS database.
This dataset contains veterans' names, social security numbers, birth and death dates and other personal information. The second file was a 2.8 million record dataset from the Compensation and Pension File which contained records on disability payments to veterans. The drive also contained a file from the National Survey of Veterans that contained demographic and socioeconomic information on 20,000 veterans along with their telephone numbers. The fourth file contained 5.5 million health records from the Veterans Health Administration and the fifth file from the Department of Defense contained information on over 6,700 individuals who were exposed to mustard gas and other toxic substances.
The Department of Veterans Affairs had lost a ton of information and the public was clambering to know more.
Note: Because this is an ongoing series, viewers will not receive a certificate of completion.