WASHINGTON - Sensitive information on millions of U.S. military personnel and veterans remains at grave risk because of weak security controls that have not yet been fixed, government investigators said Wednesday.
In testimony to Congress, the Government Accountability Office and Veterans Affairs inspector general detailed ignored warnings, weak management and lax rules in their review of VA information security following the theft of 26.5 million military personnel's private data last month.
They found that the Veterans Affairs Department routinely failed to control and monitor employee access to private information, did not restrict users to "need-to-know" data and often waited too long to terminate accounts when an employee quit or was fired.
The investigators also said the VA lacked a clear chain of command in enforcing security, noting the agency will need dramatically stronger leadership under VA Secretary Jim Nicholson to force reform after five years of repeated warnings about security.
http://news.yahoo.com/s/ap/vets_data_theft