Privacy Tip #214 – Veterans Warned of Risk of Misuse of Sensitive Personal Information

The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information on shared drives by employees who did not have authorization to view the information.

According to the audit, sensitive information of veterans was stored on two shared network drives on the VA Enterprise network, so any of the Veterans Administration’s 25,000 employees who had permission to access the VA network could access the files stored on the shared drives. The information contained on the drives includes veterans’ names, addresses, dates of birth, telephone numbers, disability claims information and “other highly sensitive and confidential information.” Although the audit was of the Milwaukee Regional Office, the audit report states that the exposure of data was not limited to that office, so this is considered a national issue.

The exposure was caused by three reported failures: the deliberate or inadvertent negligence by staff who stored the information on the network drives in violation of VA policies; a lack of technical controls to prevent the inappropriate storage of the data on shared network drives; and inadequate oversight to ensure compliance with VA rules.

According to the VA OIG, “Veterans are at significant risk of unauthorized disclosure and misuse of their sensitive personal information. This has the potential to expose veterans to fraud and identity theft.”

With this warning, veterans may wish to consider taking measures to mitigate their risk of becoming a victim of identity theft, including accessing the Federal Trade Commission’s (FTC) website to get tips on how to do so.