Data Dump

Beware of overreaction to the recent spate of federal data theft incidents.

All indications are that this is shaping up to be the Summer of Data Theft in the federal government.

It got started with a bang just before Memorial Day, when the Veterans Affairs Department announced that personal information on more than 26 million veterans and military service members had been stolen along with a laptop computer from an employee's home. The ensuing scandal was amplified when other agencies began logging reports of their own data thefts:

  • The Health and Human Services Department announced that information on more than 17,000 Medicare beneficiaries might have been compromised because a contractor had failed to properly secure the data.
  • Energy Department officials acknowledged that last September, they discovered that a hacker had accessed personnel records for 1,500 contract workers and employees at the National Nuclear Security Administration.
  • The Agriculture Department reported that a hacker broke into one of its computer systems and might have stolen the names, Social Security numbers and photos of 26,000 Washington-area employees and contractors. The information was used to create staff and contractor ID badges.
  • The Federal Trade Commission revealed that two of its laptops were stolen from a car. (A "locked vehicle," the agency took pains to note.) FTC notified 110 people that some of their personal information was contained on the computers.
  • In an ironic twist, the Government Accountability Office, which has sharply criticized agencies' information security policies, was forced to acknowledge that it had posted records on its Web site with some personal identifying information on a group of federal employees.

All of this is just what the government needed: another excuse for Americans to believe that agencies can't be trusted with basic tasks. And, unfortunately, the incidents provoked a typically Washingtonian response: political grandstanding and panicked overreaction.

VA Secretary James Nicholson was hauled to Capitol Hill to explain how the data theft could have occurred and why it took almost three weeks for the department to make it public. His testimony boiled down to the following: Everybody but me screwed up. Nicholson said he was "outraged" and "mad as hell" about the "lapses of judgment on the behalf of my people." He insisted that "directives were issued," but "they were paid no attention to."

Congress demanded action, and Nicholson gave it to them. Within days, Veterans Affairs took immediate steps to notify those whose data was stolen. Later, the agency began soliciting bids from contractors to provide a year's worth of free credit reporting to people whose personal information was compromised.

But the steps Nicholson took with respect to his own workforce could have an even more long-lasting effect. Nicholson started the process of firing the employee who brought the data home, and replaced the leaders of the division where he worked. In early June, he declared that the agency would limit telework at one of its divisions and eliminate employees' access to department networks from their home PCs.

That action sent a strong message to employees not only at VA, but across government: Punch in and punch out at the office, and never take work home. Why take the risk that you'll end up bringing home data that will be deemed sensitive?

Unfortunately, we in the media will end up reinforcing this message, because we'll continue to be on watch for the next story in the ongoing data theft scandal. Just look at the number of stories that emerged in the weeks after the VA incident.

But as you read them, remember this: The VA employee whose data was stolen brought it home on disks, not by accessing the department's network remotely. And it turned out he had received permission to bring a laptop and the data home-presumably because of his dedication to his job. From now on, fewer employees will make that mistake. Is that what the government-and the country-really wants?

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.


When you download a report, your information may be shared with the underwriters of that document.