Largest Security Lawsuit Ever

[thehorse13]

[snip]

A federal judge temporarily has barred the government from publicizing its free credit monitoring offer to veterans whose personal data was stolen and wants to see if they might get a better federal offer.

Lawyers who have filed a class-action lawsuit on behalf of the 26.5 million veterans and active-duty troops affected contend that accepting the government's offer could jeopardize their chance of winning more money in the privacy suit.

U.S. District Judge William Bertelsman in Kentucky scheduled a hearing this Friday to determine whether the Veterans Affairs Department should revise its offer. His order on the credit monitoring was issued late last Friday.

The suit seeks free monitoring and other credit protection for an indefinite period as well as $1,000 in damages for each person -- or $26.5 billion total -- in what has become one of the nation's largest information security breaches.

[snip]

More here: http://www.boston.com/news/nation/wa...offer_to_vets/


--TH13

[dalek]

Last week, a Senate committee approved $160 million to pay for the credit monitoring for veterans. It is one of many expected payments as the government struggles with fallout from data breaches crossing at least six agencies.

Now with the latest about the Sailors Data problem, this is going to soon bankrupt this administration unless they get a grip on sensitive/confidential data soon, what a freaking sieve..of course they could also just make up a new law...(no payouts, or can't sue the Government)...

http://www.wired.com/news/wireservic...?tw=wn_index_5

[thehorse13]

and as a follow up....

TOP OF THE NEWS

--US House Committee Chairman Vows To Change FISMA

House Veterans Affairs (VA) Committee Chair Steve Buyer said he would "change FISMA" to correct an error in the law that denied CIOs and CISOs the power to enforce security in their agencies. The Chairman had just heard testimony from VA officials saying that FISMA does not give the technology chief authority to enforce (security) policies. http://www.govexec.com/dailyfed/0606/062206p1.htm

[Editor's Note (Paller): What a breath of fresh air Chairman Buyers has brought to the debate. Now if Congress and OMB could just change the reporting and scoring methods used for FISMA, federal agencies might begin to lead by example in improving security. The fundamental error in FISMA scoring is that agencies that pay consultants to complete dozens or hundreds of C&A reports are given high scores even if those agencies do not harden and monitor the systems and networks to protect them from being compromised. Benjamin Franklin is said to have defined insanity as "doing the same thing over and over again and expecting different results." Isn't six years (and a billion dollars) long enough to have learned that the FISMA paper exercise is insane?]

[Tedob1]

somehow id feel safer if .gov outsourced its sec. people... like maybe a company in the UAE

[thehorse13]

Originally posted here by Tedob1
somehow id feel safer if .gov outsourced its sec. people... like maybe a company in the UAE

ROFLMAO...

Actually many of the .gov folks do outsource their sec work. The problem is that it goes to the lowest bidder. You get what you pay for.

--TH13

[genXer]

TH13, and other vets - when you were in, did they use your SSN on EVERYTHING?

They did for us, orders, promotions, issue of 2 ply-fortified-rectal-wipe-paper, etc.

I shredded everything now except a few orders and my DD214, all kept under lock and key... 'course who knows if copies of all of that is in the clear for us? Probably somewhere.

The amount of money alone being spent on the lawsuit and the call center is astounding. They should be using that money to shore up security practices, staff and technology.

AND they should think about changing their strategy for everything going to the lowest bidder, I still have an affliction for wool socks.

For those who need it, and it was in the article, but we're a full service site here: http://www.firstgov.gov/veteransinfo.shtml

[RoadClosed]

If the lawyers and interested parties were truly interested in what is best for those effected... They would welcome a free credit monitoring service. That way any so called damages could be avoided or taken care of first hand. Fact is, a lawsuit is ONLY as good as the damages you can try and prove.

[thehorse13]

Yes, *everything* was done with your SSN. I already received my letter from the VA stating that they fed everything up, blah, blah.

I've kept all of my paperwork in my safe since my discharge. MY DD214 is still used when purchasing firearms from the CMP but I make copies that blackout my SSN.

As for the endless nonesense, I weep for the future.

--TH13

[nihil]

OK folks, time for some typical British stupidity?

I have a British SSN.............. I guess my doctor and dentist know it.......... and it is used with tax returns............ but, apart from that it is pretty useless. You would actually NOT need it to steal my identity (and my debts )

Why is it so important to you guys.............. I guess that I am "challenging the process" here?

Anyone care to explain to a stupid limey?

[Boogymantroy]

When I was in Korea, I received meal one time where the restaraunt (if you can call it that) had gotten ahold of some guys orders and was using a stack of them for liners in the bowls they served the food in. Fine example of security. They got the papers from a trash can that was full of paper that should have been shredded.