Readers divided about VA theory on stolen laptops

Readers responded to an Aug. 8 FCW article on data breaches at the Department of Veterans Affairs with a mixture of criticism and praise for Acting Assistant Secretary for Information and Technology Stephen Warren, as well as a few questions.

One reader wrote: Stephen Warren said "people tend to steal laptops indiscriminately for their street value rather than in hopes of profiting from veterans' private information." I guess he's basing this statement on anecdotal evidence and personal supposition? Or empirical evidence gleaned from interviews with the thieves?

Another wrote: Based on the June 4 hearing, it really doesn't matter what VA, [or] Stephen Warren in particular, says about security or whether or not the breaches were high, moderate or low risk. Once you’ve been caught deceiving Congress, veterans and the general public, you forfeit your credibility. Still waiting on what the VA is going to do about the hacking and general penetration of the VA network. As a vet, I’ve yet to receive anything in the mail like the letter sent out in 2006. At some point, offering free credit monitoring is a moot point.

Another had a rebuttal for those criticizing Warren: The last comment is born of ignorance and lack of common sense! While Warren has fewer than a handful of supporters (his supporters are mostly the contractors he hires to document his desires and publish them as if they are their unbiased and undirected opinions), in this case he’s right. Unlike people stealing paper records for the folders that hold the paper, it’s commonly known that most people steal laptops for the laptop itself. And if people want a veteran’s information, they’ll more than likely find a way to hack into one of the many databases that hold it all.… Please don’t add to the ridiculous paranoia that’s infecting VA and taking our focus away from treating patients.

Frank Konkel responds:

There have been many documented problems at VA, and much of the criticism of the department is justified. But I don’t believe there is substantial reason to doubt Warren’s claims that laptops are taken primarily for their hardware value and not the data on them. Why?

The main reason is that even though paper records continue to be the primary data breach for VA -- sometimes releasing the names and Social Security numbers of hundreds of veterans -- few cases of identity theft resulting from these breaches have been reported.

In the case of stolen laptops, many of which are encrypted anyway, it seems unlikely that thieves would think about stealing laptops for reasons that go beyond simply selling them to someone else. If it was appealing for thieves to steal these VA laptops and PCs in hopes of selling veteran identities to the highest bidders, wouldn’t it be far more common than it is?

If that kind of activity did increase, you can bet VA’s very active Office of Inspector General would get the word quickly.