The Data Theft Story That Keeps Changing

The current administration has a nasty habit of data trickle, where bad stories seem to get sharply worse every few days. Today's contribution was the latest on the Veterans Affairs burglary that netted a laptop with lots of sensitive information on it.

Ever since last month's burglary story broke, government officials have repeatedly adjusted the official story, as StorefrontBacktalk noted this weekend.

On Tuesday, the story was upgraded again citing that the personal data on some 2.2 million active-duty troops may have been exposed. That means, according to Reuters, that "nearly all current U.S. military personnel may be at risk for identify theft."

A related data theft story involves Expedia's loss of sensitive data when someone stole a laptop from a car. On Monday, Expedia had hired a PR firm to call reporters and stress that the incident was not in reality exposing its customers to identity thieves, but merely to credit card thieves.

Now there's a comforting distinction. First, what does it say about Expedia that it not only felt that exposing customers to credit-card theft was a lot nicer than exposing them to identity thieves, but it was willing to pay money to try and make that difference clear?

Even better, one could make the argument that if you give a clever con artist sufficient access to a consumer's credit card data, they will easily be able to extract enough personal data to try for an identity theft.

That all said, did either Expedia or the VA act recklessly? The lack of encryption suggests they might have. The Expedia person left the laptop in a car, which is certainly tempting fate.

After we wrote this weekend after being afraid to leave a laptop in a hotel room, a security consultant firm wrote to say they recommend clients leave the laptop, but to take with them the hard-drive. I have to admit that I like that idea, but am wondering how often I'd bother trying to unscrew the hard-disk and somehow carrying it with me.

Part of the problem here has little to do with data thieves. PDAs, laptops and other portable devices (such as these very cool tablet computers) are becoming expensive, easy to steal and easy to sell. The data on them may be worth millions to the victim but I am guessing most thieves will ignore it.

But all we need are a few thieves to not ignore it and we'll have a very interesting nightmare.