You know there's quite a bit that's odd about this story from the outset. If there was some sort of db containing 26.5 million records on it you're probably talking multiple terabytes of data in a password protected database. Why this would be on a laptop loaded up with server sized disk space is unclear unless it wasn't really a theft. I don't know how the VA operates its data storage but there are a lot of things that are very odd about this story.

If there was some sort of db containing 26.5 million records on it you�re probably talking multiple terabytes of data in a password protected database.

Not so, all that can be stored in as little as a couple GB depending on the amount of data per record.

Absolutely, ICallM. No way can an ordinary laptop manipulate (or possibly even load) a database with that many records...

Has anyone seen any news on the investigation of the guy who "lost" the info in the first place?

Michael,
Yes, it it's bare-bones info in raw text, but there was supposedly enough data in each record to facilitate ID theft, so it's gotta have at least full name, DOB, SSN, and probably a few other things as well... What the heck was the purpose of the original DB, anyway? Was it for billing? or medical history? Has that ever been discussed in the press?

'but there was supposedly enough data in each record to facilitate ID theft, so itâ??s gotta have at least full name, DOB, SSN, and probably a few other things as well'

Right - and I maybe wrong but I was under the impression that the 26.5 m records relates to individual personnel and other beneficiary records so add in whatever the associated transaction records and reference tables there are for the rdbms. Unless the disk was swapped in from another machine for some unknown reason - and if it was theft just take the disk - I'm very skeptical about the whole situation.

First...
As to how they knew the stuff hadn't been accessed; Everything past about nt3.51 (Assuming NTFS) contains a record of last file access and last file modified among other things.

Secondly...

And does the government being involved in the more celebrated laptop theft, constitute a larger security breach, than say a private concern? I don't think so, though it certainly does make a handy lever, if you don't happen to like the current administration.

Think I'm kidding? Consider the following story from the Register:

Health insurance firm Medical Excess one-upped the laptop loss crowd by forking over an entire server with personal information on close to 1m people.

Medical Excess - an AIG company - began notifying customers this month that a break in at one of its offices has resulted in the the theft of a camera, two laptops and a file server. That server happened to contain the names, birth dates and social security numbers of 970,000 people. Even worse, some individuals have had their medical and disability information compromised by the theft.

"The investigation following the theft of the server was quite complicated because data that was equal to one hundred million typewritten pages was stored on the server, much of which had to be manually reviewed," Medical Excess wrote to customers, in a letter obtained by The Register.

Wouldn't you think that this kinda of theft that The Register is writing about here would get equal billing in the media, to the screaming over the VA a few months ago? That the volume of screaming is far from equal for the data thefts of private information not involving the federal government, should give a clue.