Security News > 2007 > February > Report: VA funds wasted in data loss
http://www.potomacnews.com/servlet/Satellite?pagename=WPN%2FMGArticle%2FWPN_BasicArticle&c=MGArticle&cid=1149193426231 By JAMES W. CRAWLEY Media General News Service February 28, 2007 WASHINGTON - While the Department of Veterans Affairs reeled last year from the theft of a computer loaded with personal data on 26.5 million vets, VA officials wasted as much as $135,000 on a bungled analysis of the missing information. A report by the VA's inspector general is a tale of favoritism, a late-night contract award, inept contractor employees, expensive restaurant meals and a sabotaged office computer. The agency's inspector general, in the little-noticed report released this month, sharply criticized the hiring of Internet Security Systems, an Atlanta-based firm, and VA officials who approved the contract. The report by the internal watchdog said several VA officials violated federal regulations, did little to monitor the contractor's work and rebuffed VA employees questioning their actions. "As a result of these actions, VA significantly overpaid for the services provided," the report concluded. The VA should recoup money from the contractor and reprimand several current employees, the inspector general recommended. The VA "is working aggressively to implement the recommendations," said spokesman Matt Burns. He would not say if any money had been reimbursed or how many employees, if any, have been reprimanded. After the theft of a VA employee's personal laptop computer and a hard drive that contained millions of veterans' Social Security numbers and personal information last May, the inspector general's office obtained 17 compact discs that the employee had used to transfer data from his office computer to his home computer. After examining the discs, the inspector general's office turned them over to the VA's computer security office June 1, 2006. That day, the VA's top computer security official, Pedro Cadenas Jr., approved a no-bid contract to Internet Security Systems to determine how much information about veterans was missing and report its findings within a few days. Total price was not to exceed $12,768. Also that day, the inspector general's office released the results of its similar analysis of the discs to top VA officials, who used the information in public comments about the scope of the problem. Internet Security Systems obtained the contract because Cadenas had "a personal relationship with high-level ISS officials," the report said. Three phone messages at Cadenas' home in Leesburg were not returned. Internet Security Systems spokeswoman Heidi Litner said the firm is cooperating, but she declined further comment Tuesday. Internet Security Systems has offices worldwide and contracts with many federal agencies and large corporations to protect computers against hackers. IBM bought the firm for $1.3 billion last year.