VA data in hard-to-read format

Internal memo shows that more than SSNs were involved. Data on chemical tests, one individual's medical data involved.
Written by ZDNet UK, Contributor on

It looks like those thieves of the VA data may have a harder time than expected accessing that data. The Post reports that the social security numbers of 26.5 million vets was stored in a standard format that requires special software and training to access.

An internal memo written by VA privacy officer Mark Whitney and obtained by the Post explains that the format was used for data manipulation and statistical analysis. The format "requires specialized application software and training" to write computer code "to access and manipulate the data for use," Whitney wrote in the memo.

The job would be substantially easier if the stolen laptop contains the required software, though, said Ari Schwartz, deputy director of the nonprofit Center for Democracy and Technology. "This is not nearly the type of protection they would have had if they had followed basic security procedures and encrypted this," Schwartz said.

The Whitney memo also reveals that addresses and phone numbers were included in the stolen data, as well as 6,744 records of vets who took part in mustard gas tests during World War II, and 10 diagnostic codes from one vet's treatment file.

In the personnel shakeup, VA Secretary Jim Nicholson announced Richard M. Romley, a former prosecutor from Maricopa County, Ariz., as his new special adviser for information security. He will evaluate the department's computer security procedures and recommend improvements.

Michael H. McLendon, a VA deputy assistant secretary who learned of the May 3 burglary within hours of the crime but did not immediately tell top-ranked officials, resigned last week. The employee who took home the data to begin with will be fired and Dennis M. Duffy, acting assistant secretary for policy and planning, had been placed on administrative leave, Nicholson announced.

Editorial standards