Computer stolen from VA subcontractor, Unisys

The Veterans Affairs Department today confirmed that a subcontractor, Unisys Corp., had informed the department that a desktop computer containing sensitive personal information of veterans is missing from the company’s offices. It is the second VA data compromise in three months.

Unisys said the desktop computer contained billing records with information for veterans who sought treatment at two VA medical centers, one in Philadelphia and one in Pittsburgh. The information includes names, address, Social Security numbers and dates of birth. It does not include personal financial information.

"The data were used only for insurance collections management purposes and may include insurance carrier and billing information as well as claims data with some medical information," Unisys said in a statement.

Unisys was hired to assist in insurance collections for VA’s medical centers in Pittsburgh and Philadelphia.

“VA’s inspector general, the FBI and local law enforcement are conducting a thorough investigation of this matter,” said VA secretary James Nicholson.

Earlier, the offices of New Jersey Republican Reps. Frank LoBiondo and Jim Saxton confirmed that local, state and federal law enforcement, including the FBI, are investigating the theft of a desktop computer from the contractor’s office. VA notified the congressmen’s offices Friday evening that information for veterans living in the Pittsburgh, Philadelphia and Southern New Jersey areas might be compromised.

Unisys notified VA Aug. 3 that the computer was missing from its Reston, Va., offices. VA immediately dispatched a team to Unisys to assist in the search for the missing computer and to help determine the precise nature of the information it may have contained.

Unisys had observed security controls, but there was not a requirement to encrypt the data, said Unisys spokeswoman Lisa Meyer.

“The building and floor where the computer was located require security protocols for physical access. Log-in and password protocols also were required to access the data, which were stored in a database on the computer,” she said.

More news on related topics: IT Security, IT Management