Some updated news in the wake of the ginormous data breach at the US Department of Veterans Affairs (for some background, see: The Canadian Privacy Law Blog: Incident: Personal information about 26.5M US veterans on laptop stolen):
- The analyst whose laptop was stolen is now looking for work, as are senior management who failed to report the incident for almost three weeks. See: Personnel shake-up at VA over data theft / Analyst whose PC was stolen to be fired -- 2 bosses also out.
- The actual information compromised was greater than originally reported. See: CNN.com - Stolen VA data had phone numbers, addresses - May 31, 2006.
- The data was apparently in an obscure format that's difficult to manipulate and gain access to the information. See: VA Data in Format Not Widely Used (Washington Post).
- The DVA had a history of weak privacy and security practices that increased the risk of an incident such as this. See: InternetWeek: VA Had Many Security Warnings Before Its 26.5 Million-Person Breach .