.

VA to Pay $20 Million in Stolen Laptop Case

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Jan 28, 2009 2:05 am

VA to Pay $20 Million in Stolen Laptop Case

Now that's a game changer when it comes to determining risk. The kicker is they now have to pay twice... $20 million to those listed in the class action suit and another $20 million or so to implement better security measures and training to become, as they put it, the "gold standard" for security. And all this even after they determined that the data was never improperly used. Then again, I guess that's better than the 26 billion the blood-sucking lawyers were trying to get.


WASHINGTON (CNN) -- The Department of Veterans Affairs has agreed to pay $20 million to current and former military personnel to settle a class action lawsuit on behalf of the men and women whose personal data was on a laptop computer stolen during a burglary.

The names, dates of birth and Social Security numbers of about 26.5 million active duty troops and veterans were on the laptop and external drive, which disappeared while in the custody of a Veterans Affairs data analyst in 2006.

The theft led to an urgent search by federal authorities that ended with recovery of the laptop and a conclusion that the missing data had not been improperly used.

"The defendants [VA] have agreed to pay a lump sum of $20 million to the plaintiffs inclusive of fees and costs in exchange for the dismissal of this litigation," according to the settlement document.

In a statement, the VA said it "is committed to being the 'gold standard' in data security, just as we are a leader in the health care industry. We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran."

The settlement, announced in U.S. District Court in Washington, was reached "in the interests of avoiding the expense, delay, and inconvenience of further litigation of the issues raised in the class complaints," the agreement says.

The funds will go to military personnel and veterans who were harmed by the loss of personal data, either through emotional distress or through costs incurred in monitoring credit records.

The settlement ends nearly three years of litigation. After the May 3, 2006, theft, five veterans groups filed the class action suit initially seeking $1,000 in damages for every veteran whose information was compromised in the computer theft.

On June 29, 2006, the FBI announced the stolen laptop had been recovered and that it appeared no one had accessed the personal data. The FBI said it believes the laptop was taken in a routine burglary.



Original story:
http://www.cnn.com/2009/POLITICS/01/27/va.data.theft/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Wed Jan 28, 2009 4:24 pm

Re: VA to Pay $20 Million in Stolen Laptop Case

I wonder who is the CISO or equivalent POC there for their certification and accreditation program. I would think that they fall under DIACAP, but I have been wrong before.
Mike Conway
CISSP
CompTia Security +
C|EH

Return to Physical Security

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software