.
WASHINGTON (AP) May 22 — Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization.
Veterans Affairs Secretary Jim Nicholson said there was no evidence so far that the burglars who struck the employee’s home have used the personal data or even know they have it. The employee, a data analyst whom Nicholson would not identify, has been placed on leave pending a review.
“We have a full-scale investigation,” said Nicholson, who said the FBI, local law enforcement and the VA inspector general were investigating. “I want to emphasize, there was no medical records of any veteran and no financial information of any veteran that’s been compromised.”
US veterans are a vocal group
Veterans advocates immediately expressed alarm.
“This was a very serious breach of security for American veterans and their families,” said Bob Wallace, executive director of Veterans for Foreign Wars. “We want the VA to show leadership, management and accountability for this breach.”
Sen. John Kerry, D-Mass., who is a Vietnam veteran, decried the breach and said he would introduce legislation to require the VA to provide credit reports to the veterans affected by the theft. “This is no way to treat those who have worn the uniform of our country,” Kerry said in a statement.
"But I will not let myself be reduced to silence."
▼ ▼ ▼ MY DIARY
Why on earth would he take that data home to begin with?
ABC news just reported that the analyst took the data home to “work on a project”.
.
A mind-boggling number of persons 26,500,000 are victim of a new form of incompetence by this administration. Long live the massive data bases, data mining and exploitation of privacy by government. Republicans vow security for America?
The nazis exploited the available registration of Dutch citizens by local authorities, to send select groups of intellectuals, Jews and mentally retarded to death camps during WWII. These data bases are a nice target for commercial and political abuse.
"But I will not let myself be reduced to silence."▼ ▼ ▼ MY DIARY
Latest Information on Stolen VA Data {Pass It On}
Below is a statement from the VA, Questions and Answers from FirstGov.gov, and statements from the House Veterans Committee chair Steve Buyer and the Democratic members of the House Veterans Committee. Please forward to other veterans…Joe Bello
~~~~~~~~~~~~~~~~
http://www1.va.gov/opa/pressrel/pressrelease.cfm?id=1123
A Statement from the Department of Veterans Affairs
May 22, 2006
The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from VA, which he was not authorized to do. This behavior was in violation of our policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA’s electronic health records nor any financial information. The employee’s home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.
Appropriate law enforcement agencies, including the FBI and the VA Inspector General’s office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they possess or of how to make use of it. However, out of an abundance of caution, VA is taking all possible steps to protect and inform our veterans.
VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that those veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. VA will send out individual notification letters to veterans to every extent possible. Veterans can also go to http://www.firstgov.gov or http://www.va.gov/opa to get more information on this matter. This website is being set to handle increased web traffic. Additionally, working with other government agencies, VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll free number is 1-800-FED INFO (333-4636). The call center will be open beginning today, and will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed. The call center will be able to handle up to 20,000 calls per hour (260,000 calls per day).
Secretary of Veterans Affairs R. James Nicholson has briefed the Attorney General and the Chairman of the Federal Trade Commission, co-chairs of the President’s Identity Theft Task Force. Task Force members have already taken actions to protect the affected veterans, including working with the credit bureaus to help ensure that veterans receive the free credit report they are entitled to under the law. Additionally, the Task Force will meet today to coordinate the comprehensive Federal response, recommend further ways to protect affected veterans, and increase safeguards to prevent the reoccurrence of such incidents. VA’s mission to serve and honor our nation’s veterans is one we take very seriously and the 235,000 VA employees are deeply saddened by any concern or anxiety this incident may cause our veterans and their families. We appreciate the service our veterans have given their country and we are working diligently to protect them from any harm as a result of this incident.
~~~~~~~~~~~~~~
http://firstgov.gov/veteransinfo.shtml
Latest Information on Veterans Affairs Data Security
The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of VA policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA’s electronic health records nor any financial information. The employee’s home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.
Appropriate law enforcement agencies, including the FBI and the VA Inspector General’s office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they possess or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.
The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll free number is 1-800-FED INFO (1-800-333-4636). The call center will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed.
Here are some questions you may have about this incident, and their answers.
I’m a veteran. How can I tell if my information was compromised?
At this point there is no evidence that any missing data has been used illegally. However, the Department of Veterans Affairs is asking all veterans to be extra vigilant and to carefully monitor bank statements, credit card statements and any statements relating to recent financial transactions. If you notice unusual or suspicious activity, you should report it immediately to the financial institution involved and contact the Federal Trade Commission for further guidance.
What is the earliest date at which suspicious activity might have occurred due to this data breach?
The information was stolen from an employee of the Department of Veterans Affairs during the month of May 2006. If the data has been misused or otherwise used to commit fraud or identity theft crimes, it is likely that veterans may notice suspicious activity during the month of May.
I haven’t noticed any suspicious activity in my financial statements, but what can I do to protect myself and prevent being victimized by credit card fraud or identity theft?
The Department of Veterans Affairs strongly recommends that veterans closely monitor their financial statements and review the guidelines provided on this webpage or call 1-800-FED-INFO (1-800-333-4636).
Should I reach out to my financial institutions or will the Department of Veterans Affairs do this for me?
The Department of Veterans Affairs does not believe that it is necessary to contact financial institutions or cancel credit cards and bank accounts, unless you detect suspicious activity.
Where should I report suspicious or unusual activity?
The Federal Trade Commission recommends the following four steps if you detect suspicious activity:
Step 1 – Contact the fraud department of one of the three major credit bureaus:
Equifax: 1-800-525-6285; http://www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
Experian: 1-888-EXPERIAN (397-3742); http://www.experian.com; P.O. Box 9532, Allen, Texas 75013
TransUnion: 1-800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Step 2 – Close any accounts that have been tampered with or opened fraudulently.
Step 3 – File a police report with your local police or the police in the community where the identity theft took place.
Step 4 – File a complaint with the Federal Trade Commission by using the FTC’s Identity Theft Hotline by telephone: 1-877-438-4338, online at http://www.consumer.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.
I know the Department of Veterans Affairs maintains my health records electronically; was this information also compromised?
No electronic medical records were compromised. The data lost is primarily limited to an individual’s name, date of birth, social security number, in some cases their spouse’s information, as well as some disability ratings. However, this information could still be of potential use to identity thieves and we recommend that all veterans be extra vigilant in monitoring for signs of potential identity theft or misuse of this information.
What is the Department of Veterans Affairs doing to insure that this does not happen again?
The Department of Veterans Affairs is working with the President’s Identity Theft Task Force, the Department of Justice and the Federal Trade Commission to investigate this data breach and to develop safeguards against similar incidents. The Department of Veterans Affairs has directed all VA employees complete the “VA Cyber Security Awareness Training Course” and complete the separate “General Employee Privacy Awareness Course” by June 30, 2006. In addition, the Department of Veterans Affairs will immediately be conducting an inventory and review of all current positions requiring access to sensitive VA data and require all employees requiring access to sensitive VA data to undergo an updated National Agency Check and Inquiries (NACI) and/or a Minimum Background Investigation (MBI) depending on the level of access required by the responsibilities associated with their position. Appropriate law enforcement agencies, including the Federal Bureau of Investigation and the Inspector General of the Department of Veterans Affairs, have launched full-scale investigations into this matter.
Where can I get further, up-to-date information?
The Department of Veterans Affairs has set up a special website and a toll-free telephone number for veterans that features up-to-date news and information. Please check this webpage for further updates or call 1-800-FED-INFO (1-800-333-4636).
~~~~~~~~~~~~~
http://veterans.house.gov/news/109/05-22-06.html
Chairman Buyer’s Statement on the VA data leak
“I am deeply concerned that nearly 27 million veterans may be affected by a security breach that could compromise sensitive, personal information. I expect VA’s inspector general and the FBI to work closely together so that we can identify and eliminate the flaws that allowed this leak and prosecute any criminal acts. I know that VA is taking steps to notify veterans and provide help on consumer identity protection. The committee will examine this incident in the context of previous data compromises, to ensure that veterans’ information is safeguarded,” said Chairman Steve Buyer, who was notified of the incident by Secretary of Veterans Affairs R. James Nicholson.
~~~~~~~~~~~~~
FOR IMMEDIATE RELEASE: May 22, 2006
CONTACT: Len Sistek or Geoffrey Collver @ 202-225-9756
http://veterans.house.gov/democratic/welcome.htm
Statement of the Democratic Members of the
House Committee on Veterans’ Affairs
On VA Data Theft
Earlier today, Department of Veterans Affairs (VA) Secretary R. James Nicholson announced that sensitive data collected by the government, containing the names, Social Security numbers and dates of birth for approximately 26.5 million veterans was stolen from a VA official who had removed this data from VA and taken it home. The Secretary was unable to immediately share the exact number of VA employees or others who have access to this sensitive data, nor have we been given the exact reasons why this employee removed the data, some of which reportedly included very sensitive information such as veterans’ disability ratings, from the VA.
The Secretary stated that each veteran will be notified that their personal information has been compromised. A number of law enforcement agencies are working to recover this data.
It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information. Further, VA must determine who else has access to this type of information, restrict such access to essential personnel only and enforce that internal restriction. The Secretary stated that VA would take steps to assure VA employees complete their special training for safeguarding such information.
The Committee has held a number of oversight hearings in the past on other more limited electronic releases of veterans’ personal information and on what we view as the casual approach some at VA have taken to the importance of safeguarding personal information. Additionally, the VA has not demonstrated an exemplary track record in recent years enforcing its own internal controls or accountability mechanisms.
But, “I told you so” is not an adequate response on Congress’ part. The potential for significant harm if the compromised information should fall into the wrong hands is clear. Examples of problems have appeared in the recent past at VA and ample warnings have been given by our Committee.
The number one problem with this data loss is the potential for identity theft. Over 26 million veterans and their families are at financial risk should their identities be stolen and used for the personal gain of others. This information could also be of value to business interests which focus on veterans and their families in the course of their business dealings. While VA is taking necessary steps to inform the veterans whose private information was compromised, knowledge of that very compromise may create additional stresses in the lives of those veterans. Finally, the sensitive disability rating information included with the compromised data may create other potential problems.
This breach – and any lag from discovery to public revelation — must receive attention from the very top. We must know who is able to access the data entrusted to them by our citizenry. Everything should be on the table to mitigate and correct this serious information privacy breach and ensure that the personal information of our veterans is protected and safeguarded in the future — including possible legislation to “make whole” anyone who suffered harm as a result of this compromise.
The VA has posted information regarding this personal data compromise at: http://www.firstgov.gov. Veterans with questions may call toll free: 1-800-FED INFO (333-4636).
LANE EVANS, Ranking Democratic Member
BOB FILNER
LUIS GUTIERREZ
CORRINE BROWN
MIKE MICHAUD
STEPHANIE HERSETH
TED STRICKLAND
DARLENE HOOLEY
SILVESTRE REYES
SHELLEY BERKLEY
TOM UDALL
JOHN SALAZAR
~~~~~~~~~~~~~~~~
what is a good, solid approach to the problem of identity data theft on a wide scale? It seems like the packaged, ready response is that Real ID crap…
involves access to data on 26 million veterans? Seriously. This is mind-blowing. WTF are they up to now?
indeed…and why do I think this story is just a bit fishy?
entertainment.
What kind of project involves access to data on 26 million veterans? An overall, statistical study of something-or-other, most likely.
Veterans Affairs, of course, didn’t have the competence or motivation to store this information in a secure database that would enable an employee to access it from home, but only to extract broad statistics that reveal nothing about individuals.
Or, obviously, to keep employees from reading the whole damn thing, in detail, while at work.
the data does not include medical or financial information — only name, S.S.# and DOB, just the stuff an ID thief needs. So what’s to analyze in a database with only three fields? The distribution in age groups? Astrology signs? Concentrations in birth states? This is the type of root database that would be run against other data to identify those who fell, for instance, into certain financial or medical categories after that statistical info was defined and determined. By itself, it couldn’t be sorted in any useful way I can think of.
Like you say, the very idea that this info would be lying around on a portable storage device is stunning. It seems unbelievable that the VA would be so ignorant of basic data security.
There’s more to this story that isn’t being told…
That is indeed a very odd dataset for statistical analysis.
Looky… another fuck up.
More proof that we need protection from our government.
First thing I did this morning when I got up and the bank was open I secured my financial situation more. I refuse to have anything taken away from me that I had years in developing. I resigned my commission in 81….
I never did like the VA, and this just signed and sealed my feelings about them. My medical info is there as well, but I suppose they can and are welcome to it….for whatever good it will do for them.
The financial thing is a different thing….
I suggest everyone do likewise….even with wives or S/O on a bank account.
Plus, while int he AF, my service number was my SS number. I always was worried about that one….;o(
Brenda, yeah the VA is nothing but one fuck up after another.
Guess how long it has taken them to change our address? 6 months and counting. It took 14 months for them to even get the understanding of direct deposit into a Navy Federal credit union account. Now we have it go into a civilian account and I can’t begin to tell you how long that took.
My husband is again livid and again has one more stressbuster to worry about.
Glad you got everything working out. 🙂
Thanks DJ. I did not do anything but wait till the bank opened for my call to them…
The time it took you family to get the address and such changed over from the VA stance is typical of them. Just like everything they do…I do not trust them one bit.
Like someone said above, what do they need just our names DOB and SS# for on just one disc anyhow. That is some way to keep some sort of records….right!!! :o( As far as I am concerned, they are just one group of incompetent BS types.
I was wondering why I was getting all those mail offers for “army chick porn”.
That’s really not my bag, baby.