The Department of Veterans Affairs reported Monday that a laptop computer containing the names, dates of birth and Social Security numbers of over 26,000,000 veterans was stolen from the home of an employee who had taken the data home without authorization.
In response, the VA is sending the following letter (PDF) to veterans whose names were on the list. It has also published a list of Frequently Asked Questions (PDF) about the data breach, as if they already know what questions will be frequently asked.
Dear Veteran:
The Department of Veterans Affairs (VA) has recently learned that an employee took home electronic data from the VA, which he was not authorized to do and was in violation of established policies. The employee’s home was burglarized and this data was stolen. The data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. As a result of this incident, information identifiable with you was potentially exposed to others. It is important to note that the affected data did not include any of VA’s electronic health records or any financial information.
Appropriate law enforcement agencies, including the FBI and the VA Inspector General’s office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they possess or of how to make use of it.
Out of an abundance of caution, however, VA is taking all possible steps to protect and inform our veterans. While you do not need to take any action unless you are aware of suspicious activity regarding your personal information, there are many steps you may take to protect against possible identity theft and we wanted you to be aware of these. Specific information is included in the attached question and answer sheet. For additional information, the VA has teamed up the Federal Trade Commission and has a website (www.firstgov.gov) with information on this matter or you may call 1-800-FED-INFO (1-800-333-4636). The call center will operate from 8 a.m. to 9 p.m. (EDT), Monday-Saturday, as long as it is needed.
We apologize for any inconvenience or concern this situation may cause, but we at the VA believe it is important for you to be fully informed of any potential risk resulting from this incident. Again, we want to reassure you we have no evidence that your protected data has been misused. We will keep you apprised of any further developments. The men and women of the VA take our obligation to honor and serve America’s veterans very seriously and we are committed to seeing this never happens again.
Sincerely,
R. James Nicholson
Secretary of Veterans Affairs
The laptop was stolen May 3 from the home of a VA computer analyst in what a government source tells CNN was a random burglary. The source further said that it waited to notify the public and affected veterans to see if it could catch the culprit.
The employee who took the data home and whose house was burglarized has been placed on administrative leave, according to a statement released by the VA Monday. In addition, the Federal Bureau of Investigation and VA Inspector General’s office have launched an investigation into the burglary.
While there is “no indication at this time” that any of the data has been used for identity theft, Nicholson said, the data in the stolen files is more than sufficient to get a criminal who knows what he is holding many thousands of credit cards in veterans’ names.
The Federal Trade Commission maintains a Web site on how to protect yourself from identity theft, and anyone can obtain their credit reports for free at least once a year by visiting http://www.annualcreditreport.com/. Affected veterans can ask any of the credit reporting agencies to place a fraud alert on their accounts, which will help prevent criminals from opening new credit accounts in their names.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Bad Behavior has blocked 3284 access attempts in the last 7 days.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
mary
May 22, 2006
Well that is another fine blunder from this administration. Let’s see, you allow our identity that we fought to preserve get stolen… now just how responsible are you to what happens to our identity? And putting stupid comments like “If you do not comment, you’re letting the terrorist win”? threats. Seems to me, that since this administration started, none of us will be safe ever again.
Michael Hampton
May 22, 2006
Well, if you don’t comment, then the terrorists will win.
Bruce
May 22, 2006
I don’t think the “administration” had much to do with this. Remember that President Bush and his dad both are quite likely on the list as well, with all their personal info. More than I can say for the previous administration–you remember, the one that gave nuclear secrets to China, and rented out the Lincoln Bedroom for campaign contributions, as well as prying all the “W”s off every computer keyboard in the White House before they left, along with china missing from Air Force 1, etc. etc.
I think this was more along the lines of an employee trying to get a job done, and making a mistake and committing a security violation. How that happened I’d really like to know – I remember having un-networked computers with removable hard drives that were locked in a safe for the confidential plans, training, and status data my unit had on hand when I was in. It was impossible to “forget” that classified info was out of the safe, or “take it home by accident”. If data like this is on a laptop, it should be locked in a safe each night.
May 22, 2006
The Jawa Report
May 22, 2006
Not Exactly Rocket Science
pat
May 22, 2006
I smell a rat in this incident. It is common knowledge that data of this type is extremely valuable on the cyber underground. I would not be surprised to learn that this whole “burglary” was staged. While home invasions and burglaries are a bit more common in parts of Maryland than my home in Virginia, it is still much more rare than, say, breaking into a car to steal a laptop. Im glad they got the top cops on this one and I hope the catch the criminal soon.
Jason
May 22, 2006
Hahahahahahahah
“mary” thinks this is a government run website.
That’s about as bad as all the WalMart, Target, and… uhhh, wasn’t their a third one?
Whatever, all those online applications and all the people that provide their PERSONAL INFORMATION on a random website on the internet.
Note: SEO and the public display of it (plus splogging) means that the #1 results on Google aren’t what you need!
*sigh*
I hate people…
Christopher
May 23, 2006
Hey io_error, on our AFN channels ( military cable tv ) they mentioned this. I also think we are about to have a breifing about it now. Although the public is aware of it much, I think the military is starting to take some measures, small, but some.
Michael Hampton
May 23, 2006
That’s good to hear. DoD and VA have been pretty good at trying to get the word out, and it’s the MSM that’s been slow to pick up the story. The only thing I can do is to let people know.
Brett
May 23, 2006
I have several problems here. First, this twit is on admin leave! His behind should BE behind bars period. Second, he just “happens” to get burglarized when a laptop worth millions is in his home… And OJ is “still looking for the real killers.” Hah!
This guys supervisor should be fired too. Somebody please ANSWER UP for lax information security practices.
Will the VA pony up the legal fees for vets when their ID’s are stolen and lives ruined? Not very likely. They will get a so sorry letter and a pat on the head.
Call me what you will, but we need to go back to the “cold war” mentality with information security. You break the rules… you go to jail; for a very long time. If people knew they would face 25 years minimum for this stuff I dare say it just might stop happening.
Michael Hampton
May 23, 2006
Brett, I actually reproduced the “so sorry” letter above. And yes, that’s about all you are likely to get. It’s extremely difficult to sue the government, and even the ambulance chasers are going to be hesitant to touch this, at least until a few million veterans find things on their credit reports that shouldn’t be there.
May 23, 2006
IMAO
May 23, 2006
Bad Example
Chris
May 24, 2006
Are there really twenty six million veterans in the US? Just under nine percent of the population has served?
Kevin Fields
May 24, 2006
I have no problem in believing that this was a simple break-in looking for hot items that will move fast. I have no problem believing that a government employee would do something this stupid, either.And no problem with the initial cover-up either.
In fact, I have no problem with this story at all. Other than the small, minor fact that once again our veterans are screwed over because somebody simply didn’t care enough to do the right thing.
Michael Hampton
May 24, 2006
Chris, the number sounds right to me.
The data as it’s been described to me consists of every servicemember discharged since 1975, and servicemembers discharged before 1975 who have visited a veterans’ hospital.
This surely includes a few people no longer living.
Another thing to realize is that in the U.S., credit records do not depend on your street address, and so your address is not necessary to commit identity theft.
Fleeb
May 24, 2006
Actually, the government should do more to stop financial institutions from demanding SSNs in the first place.
You are not legally obliged to provide that information, but these days financial institutions will simply not provide their service to you if you fail to provide it.
That number is currently used in ways it was never intended.
It’s a shame that I’ve built up so much credit, only to have it potentially ruined by some employee who was probably overstressed and trying to do his work at home (at least, to be charitable about this). Because, very likely, I’m one of those veterans affected by this.
Of course, you realize, this same sort of data theft (although not on such a grand scale) could be committed by pretty much any human resource person in any large corporation. This is all the more reason why financial institutions need to stop depending on SSNs, and find a more reasonable system… or, they need to start suffering for the abuses they heap upon those whose identities are stolen.
Michael Hampton
May 24, 2006
Well, the problem right now is that your beloved federal government actually requires financial institutions to ask for the SSN. It’s even in the Unpatriotic Act.
Everytime I see “government should do more” of anything, I become very afraid. Government should do less, not more.
Laurent
May 25, 2006
The social security number is our whole problem. Many banks aren’t equiping themselves to alternatives other than the social security in call data or id. Trouble is there is the banking system has not kept up with fraud technology. Motor vehicle departments nation wide have adopted id away from the soc. sec. number and I think it’s time we do a customer demand to banks. Don’t expect the government to do anything on time.
Remember too when the Marti Gras took full swing in New Orleans, the FEMA ice trucks finally showed up.
Laurent
May 26, 2006
VA computer security sucks - Homeland Stupidity
Jun 08, 2006
Active duty military data on stolen VA laptop - Homeland Stupidity
Jun 11, 2006
Stand-down at VA to tighten laptop security - Homeland Stupidity
Odis
Jun 14, 2006
Veterans’ personal information was stolen.
Hello:
First, I would like to say, forgive me I am not a writer so bare with
my grammar and spelling errors. I an a veteran and recently received a letter from the Secretary of Veterans Affairs informing there was a burglary involving names, social security numbers and date of births of 26.5 million veterans and some spouses.
I would like to draw you attention to a growing problem here in
America.
That is, Felony Identity Theft. The common form of ID theft is credit card fraud. Though this form of ID theft is sometimes annoying, but it is easy to correct by contacting the three major credit bureaus. Felony ID theft is as follows: A person is arrest for a felony crime while assuming some else’s identity. The victim’s name (to include date of birth and SSN) then becomes an alias of the felon’s. ie, “Felon’s name” A.K.A. “victim’s name”. The two name are link in every criminal background check and legal document. In most cases, the victim is unaware that a crime as taken place. Unlike credit card fraud, there is NO legal method for removing a victim’s name from a criminal record. The only resolution is for the victim must hire an ID Theft Attorney for $1,500-$2,000 to write a legal document to “Remove” victim’s name or “Seal” the criminal records. The is call a “Letter of Expongment”. In theory, the victim is aiding the criminal by remove the original felony charge.
As of January 2006, 80% of companies in the US. a Canada are conducting criminal background checks on perspective employees. The results are not disclosed to the interviewee and in most cases, this information is not disclosed to the interviewer. The interviewer is told, “the position in on hold” or “canceled”.
Felony ID Theft is much different than financial ID theft. Veterans Affairs must be aware of such “Expongment” laws and must work hard to change them.
Thank you for you time,
Odis
Jun 22, 2006
26,000 USDA employees warned of personal data theft - Homeland Stupidity
Jun 23, 2006
FTC laptops stolen; 110 to be notified of personal data theft - Homeland Stupidity
Jun 29, 2006
Stolen VA laptop recovered; no identity theft reported - Homeland Stupidity
flux
Jun 30, 2006
I have formally written a letter requesting my service jacket be burned and any SSN records containing my info be removed and destored.
flux
Jun 30, 2006
http://blog.myspace.com/fluxbios
Can I seek a higher authority to deliver justice to these idiots?
Aug 07, 2006
VA contractor computer with personal data stolen - Homeland Stupidity
ken
Sep 21, 2006
This is a link I found showing how may other SS# thefts have happened recently.The NWO is run by losers of the highest order.
God Bless America
http://www.waynemadsenreport.com/Datathefts.php
Feb 07, 2007
Thieves target government records for identity theft - Homeland Stupidity