An insider has been arrested in connection with a leak of private data on 38,000 US veterans. The suspect was a temporary worker for Unisys who had access to the company’s hardware. According to experts at InfoWatch, companies often underestimate the danger of subcontractors.
The FBI has arrested a 21-year-old Unisys Corp. subcontractor for the theft of a computer that contained the private details of 38,000 US Department of Veterans Affairs medical patients.
Khalil Abdulla-Raheem was arrested last Wednesday for the theft of government property. He is the employee of an unnamed company that "provides temporary labor to Unisys," according to a statement from the VA.
The computer was stolen at the end of July from a Unisys office in Virginia. It contained the personal details of 16,000 living patients who had received treatment at VA medical centers in Philadelphia and Pittsburgh, as well as information on another 2,000 who are deceased. Information on an additional 20,000 patients may also have been stored on the computer, according to the VA. It is believed that the personal data may have included Social Security numbers, addresses and insurance details. The FBI is currently trying to ascertain whether the information has been compromised.
The theft is just one of a series of breaches to affect the VA that have involved unencrypted personal data on former servicemen. In one incident the theft of a laptop led to fears that data on over 26 million veterans had been compromised. Laptop encryption is due to top a list of the 10 most important security trends for 2007 due to be released on October 1 by the SANS Institute, a computer security training organization.
“The insider who has been arrested was a subcontractor and had the same level of access as most of the other workers. Unisys had no safeguards against insiders whatsoever and completely underestimated the dangers posed by temporary staff. The company will be let off the hook if the FBI can prove that the private data on the computer has not been compromised,” says Denis Zenkin, marketing director at InfoWatch.
Source: ComputerWorld