Personal Data on Veterans Is Stolen
Washington Post | May 23, 2006
By Christopher Lee and Steve Vogel
As many as 26.5 million veterans were placed at risk of identity theft after an intruder stole an electronic data file this month containing their names, birth dates and Social Security numbers from the home of a Department of Veterans Affairs employee, Secretary Jim Nicholson said yesterday.
The burglary occurred May 3 in Aspen Hill, according to a source with knowledge of the incident who spoke on the condition of anonymity because the matter is under investigation.
A career data analyst, who was not authorized to take the information home, has been put on administrative leave pending the outcome of investigations by the FBI, local police and the VA inspector general, Nicholson said. He would not identify the employee by name or title.
"They believe this was a random burglary and not targeted at this data," he said. "There have been a series of burglaries in that community. . . . There is no indication at all that any use is being made of this data or even that they know that they have it." Nicholson said affected veterans include anyone discharged after 1975 and some of their spouses, as well as some veterans discharged before then who submitted a claim for VA benefits.
The theft represents the biggest unauthorized disclosure ever of Social Security data, and it could make affected veterans vulnerable to credit card fraud if the burglars realize the value of the data, one expert said.
"In terms of Social Security numbers, it's the biggest breach," said Evan Hendricks, publisher of the Privacy Times newsletter and author of the book "Credit Scores and Credit Reports." "As long as you've got that exact Social, most of the time the credit bureaus will disclose your credit report, and that enables the thief to get credit."
For years, the VA inspector general has criticized the department for lax information security, chiefly concerning the ease with which hackers might penetrate VA computer systems. "VA has not been able to effectively address its significant information security vulnerabilities and reverse the impact of its historically decentralized management approach," acting Inspector General Jon A. Wooditch wrote in a November 2005 report.
Democrats on the House Veterans Affairs Committee issued a statement calling on the department to restrict access to sensitive information to essential personnel and to enforce those restrictions. "It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," the statement said. Sen. Larry E. Craig (R-Idaho), chairman of the Senate Veterans Affairs Committee, said his panel will hold hearings on information security at the department.
Nicholson would not discuss specifics of the incident, saying doing so could hurt the investigation. The data do not contain medical records or financial information but in some cases show disability ratings, he said. "The employee took it home to work with it," he said. "He was working on a project . . . but he was not authorized to take it home."
According to a police report, someone pried open a window to the employee's home between 10:30 a.m. and 4:45 p.m. on May 3. The burglar or burglars took a laptop, an external drive and some coins. The theft was reported that day to Montgomery County police, according to the report.
Police think the crime may be related to a nearby break-in on the same day, the source said. Police are also investigating whether several burglaries in Rockville may be connected.
Although publicly revealing the incident may alert the thieves to the value of the data, Nicholson said VA officials decided that veterans needed to know to monitor their credit scores and credit card and bank statements. The department plans to send letters to all of the veterans to notify them that their personal information has been compromised, Nicholson said.
After the first meeting of President Bush's task force on identity theft yesterday, Attorney General Alberto R. Gonzales, the panel's chairman, said: "I've directed prosecutors to exercise zero tolerance for those who engage in identity theft that may be related to this incident."
Identity theft and fraud have become a national problem. Three years ago, federal authorities estimated that 750,000 people fell victim to some identity scam. These days, the estimate is as high as 10 million.
"This is an enormous breach, and because the data was not stored securely, millions of people are at risk," said Ari Schwartz, deputy director of the nonprofit Center for Democracy and Technology, a privacy group. "If it's a garden-variety burglary, it's wise for veterans to monitor their credit reports regularly, but they shouldn't expect that they are going to see anything weird."
In February 2005, Bank of America Corp. acknowledged that computer tapes with personal information on 1.2 million federal employees, including some senators, had been put on an airplane in December 2004 and lost. The data included Social Security numbers and account information that left customers of a federal government credit card program vulnerable to identity theft.
In 2004, ChoicePoint Inc., a large information seller based in Alpharetta, Ga., delivered thousands of electronic reports containing names, addresses, Social Security numbers and, in some cases, credit histories to people in the Los Angeles area posing as legitimate debt-collection, insurance and other small-business officials. At least 700 victims had their mailing addresses changed, apparently by people connected to the scheme who wanted to gain control of credit card offers, bank records and other sensitive mail.
In the ChoicePoint case, the company offered victims free credit reports and credit-monitoring services for the next year. Nicholson said VA officials have not discussed whether to provide financial assistance to affected veterans.
He said he has directed all VA employees to complete a computer security training course by the end of June. The department is conducting an inventory of VA positions that require access to sensitive data. Those who do need access will have to undergo new background reviews, in some cases to be conducted by the FBI, Nicholson said.
Bob Wallace, executive director of Veterans of Foreign Wars, a service organization, said: "We're already starting to have members call and ask what does it mean for them, what should they do, and so on."
INFOWARS: BECAUSE THERE'S A WAR ON FOR YOUR MIND
Infowars.com is Copyright 2006 Alex Jones | Fair Use Notice