This number of US Veterans have had their personal details stolen in a recent data theft case, reported by the US-CERT.
This data theft compromised personal information such as the names, date of birth, social security numbers, etc.
The US-CERT team has indicated that the victims of this data theft will be contacted about the leak, to notify each victim how they can protect themselves against misuse of their private details.
Depending on the medium used to notify the victims (Internet/Phone/Mail), it could take a long time to reach every one affected.
The data was ‘lost’ when an employee of the Department of Veteran Affairs, a data analyst, took a copy of the database home on his personal laptop, and the unfortunate analyst was burgled later on and the laptop stolen.
The department believes it was the laptop itself, and not the data contained within, that was the target. It also states that copying the data was in violation of policy.
It doesn’t, however, state that hard-drive encryption is also a policy (see below), which we feel is a ‘must-have’ for mobile workers.
So, if you haven’t sufficiently protected your company against users taking your companies data offsite, then at least be sure to use encrypted media when they do.
And no, encrypted zip files will not suffice.
Update: US-CERT have updated their announcement and also state that you should encrypt sensitive data.