VA data files on millions of veterans stolen
- By Mary Mosquera
- May 22, 2006
The Veterans Affairs Department today revealed that personal, identifying data for as many as 26 million American veterans was stolen from a VA employee's home in May.
The information is a list of all veterans who served in the military and were discharged since 1975.
A VA employee took files home as part of department work on a data collation project to simplify some VA processes. Subsequently, someone broke into the employee's home and stole the data.
The career employee, a data analyst, was not authorized to take the files home, said VA secretary Jim Nicholson in a teleconference with reporters.
He would not say what form the data was in.
The data analyst, whom VA would not identify, has authority to access the information for his job but did not follow procedures to safeguard the data. He has been put on administrative leave pending the outcome of the investigation, the secretary said.
'We do have people that telecommute. We have a system of policies and controls that are in place and operating, and this person violated those,' Nicholson said.
The veterans' personal information that was compromised included names, Social Security numbers and dates of birth. The data contained no medical or financial information, but there may be disability numerical rankings, he said.
'Considering the pros and cons of going public, we've decided to come down on the side of making veterans aware. There is no indication that any unauthorized use is being made of this data or that they (the burglars) know that they have it,' he said
The FBI, VA's inspector general and local law enforcement are investigating the theft. Investigators believe the burglary was random and not targeted for the VA information. Several thefts have been reported in the community. The secretary would not pinpoint exactly when the robbery took place, only that it was sometime this month.
Nicholson has taken initial steps inside and outside government to alert veterans and improve data security. He has briefed the co-chairs of the President's Identity Theft Task Force, which is charged with better securing government-held personal data. Attorney General Alberto Gonzales and Federal Trade Commission chairwoman Deborah Majoras lead the task force and he will confer with them today in a previously scheduled meeting.
'This will be the number-one topic,' he said.
Other steps he has taken to alert veterans and tighten security include:
- VA has established a Web site to inform veterans.
- VA is notifying veterans, including checking with the Social Security Administration and the IRS for correct addresses.
- VA will conduct an inventory of those with access to sensitive VA data and possibly ask the FBI for background investigations depending on the level of access and responsibilities.
- VA will accelerate the requirement that all employees complete a cybersecurity training course to June 30 this year.
- VA employees will have to sign an annual statement of their awareness of privacy and security responsibilities and consequences of disclosing personal information.
Originally posted at 12:09 p.m. and updated at 3:18 p.m.
Mary Mosquera is a reporter for Federal Computer Week.