185,000 victims of VA ex-employee fraud
Technorati Tag: Security Breach
Date Reported:
11/16/07
Organization:
U.S. Department of Veterans Affairs
Contractor/Consultant/Branch:
Office of Inspector General
Victims:
United States armed forces veterans*
*assumed, but not confirmed
Number Affected:
185,000
Types of Data:
Names, addresses, and Social Security numbers.
Breach Description:
A file belonging to the U.S. Department of Veterans Affairs (VA), containing Social Security numbers and personal information about 185,000 people was found on a computer belonging to Tae Kim, a suspected member of the Koreatown Gangsters. Tae Kim is former employee of the VA.
Reference URLs:
Orange County Register Story
KABC-TV ABC News Story
Report Credit:
Orange County Register
Response:
From the sources cited above:
A 28-year-old man who allegedly stole 1.8 million Social Security numbers from the Department of Veterans Affairs was behind bars Saturday.
Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.
Tae Kim, 28, was booked at Orange County Jail and is being held in lieu of $1 million bail after being arrested at 5 p.m. Thursday at a car wash in Koreatown, police said.
On April 7, two Asian men identified as Kim and Justin Hong, purchased jewelry from Jewelry Exchange at 15732 Tustin Village Way using three skimmed cards belong to three different victims, one of whom was actor Marlon Wayans, Strain said.
Kim was on formal probation and a search was conducted at his Los Angeles residence June 14 where a computer was taken as evidence. After a search warrant was obtained, police found the Social Security numbers hidden in a computer file.
Kim had worked at the Veteran Affairs office since 2003 when he was a student at USC but quit in February of this year when he discovered a background check would be conducted.
[Comfyllama] So let me see if I understand this. A (suspected) gang member was able to gain and maintain employment at the United States Department of Veterans Affairs for three plus years without a background check? I suppose he could have had a clean criminal record when he was hired, then got into trouble. It stinks that he was able to obtain (or worse yet, was given) access to sensitive information.
The U.S. Department of Veteran Affairs verified that Kim did not have permission to possess the Social Security numbers. Officials have notified several victims from Orange County, police said.
Kim is believed to be a member of Koreatown Gangsters, police said. He faces eight different charges, including commercial burglary, fraudulent use of an access card, identity theft, criminal street gang activity and computer access fraud.
Commentary:
Employee fraud is often difficult to detect until it’s too late. A few good "best practice" administrative controls are background checks, segregation of duties, and cross training and rotation. Of these, background checks are probably the least effective in my opinion. A combination of the three is the path offering the least risk.
Let's hope that more Mr. Kim's get caught sooner, and they are not given the opportunity to affect peoples' futures again.
Interesting Tid-bits:
One of the audits the Tae Kim was assigned to.
Another audit in 2005.
(were these security related audits?)
Past Breaches:
Veterans Administration:
November, 2007 - Computers stolen from Roudebush VA Medical Center
September, 2007 - 700 VA employees are exposed in poorly secured mailings
January, 2007 - External hard drive missing that contains personal information belonging to 250,000+ veterans
August 2006 - Unysis (a VA contractor) reports that a computer containing personal data on 18,000+ is missing
May, 2006 - 26.5 million veterans suffer lost personal information when a laptop is stolen from a VA data analyst's home
Date Reported:11/16/07
Organization:
U.S. Department of Veterans Affairs
Contractor/Consultant/Branch:
Office of Inspector General
Victims:
United States armed forces veterans*
*assumed, but not confirmed
Number Affected:
185,000
Types of Data:
Names, addresses, and Social Security numbers.
Breach Description:
A file belonging to the U.S. Department of Veterans Affairs (VA), containing Social Security numbers and personal information about 185,000 people was found on a computer belonging to Tae Kim, a suspected member of the Koreatown Gangsters. Tae Kim is former employee of the VA.
Reference URLs:
Orange County Register Story
KABC-TV ABC News Story
Report Credit:
Orange County Register
Response:
From the sources cited above:
A 28-year-old man who allegedly stole 1.8 million Social Security numbers from the Department of Veterans Affairs was behind bars Saturday.
Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.
Tae Kim, 28, was booked at Orange County Jail and is being held in lieu of $1 million bail after being arrested at 5 p.m. Thursday at a car wash in Koreatown, police said.
On April 7, two Asian men identified as Kim and Justin Hong, purchased jewelry from Jewelry Exchange at 15732 Tustin Village Way using three skimmed cards belong to three different victims, one of whom was actor Marlon Wayans, Strain said.
Kim was on formal probation and a search was conducted at his Los Angeles residence June 14 where a computer was taken as evidence. After a search warrant was obtained, police found the Social Security numbers hidden in a computer file.
Kim had worked at the Veteran Affairs office since 2003 when he was a student at USC but quit in February of this year when he discovered a background check would be conducted.
[Comfyllama] So let me see if I understand this. A (suspected) gang member was able to gain and maintain employment at the United States Department of Veterans Affairs for three plus years without a background check? I suppose he could have had a clean criminal record when he was hired, then got into trouble. It stinks that he was able to obtain (or worse yet, was given) access to sensitive information.
The U.S. Department of Veteran Affairs verified that Kim did not have permission to possess the Social Security numbers. Officials have notified several victims from Orange County, police said.
Kim is believed to be a member of Koreatown Gangsters, police said. He faces eight different charges, including commercial burglary, fraudulent use of an access card, identity theft, criminal street gang activity and computer access fraud.
Commentary:
Employee fraud is often difficult to detect until it’s too late. A few good "best practice" administrative controls are background checks, segregation of duties, and cross training and rotation. Of these, background checks are probably the least effective in my opinion. A combination of the three is the path offering the least risk.
Let's hope that more Mr. Kim's get caught sooner, and they are not given the opportunity to affect peoples' futures again.
Interesting Tid-bits:
One of the audits the Tae Kim was assigned to.
Another audit in 2005.
(were these security related audits?)
Past Breaches:
Veterans Administration:
November, 2007 - Computers stolen from Roudebush VA Medical Center
September, 2007 - 700 VA employees are exposed in poorly secured mailings
January, 2007 - External hard drive missing that contains personal information belonging to 250,000+ veterans
August 2006 - Unysis (a VA contractor) reports that a computer containing personal data on 18,000+ is missing
May, 2006 - 26.5 million veterans suffer lost personal information when a laptop is stolen from a VA data analyst's home
Posts Atom 1.0
Comments