GovernmentExecutive.com

The FBI on Thursday announced that the laptop computer and external hard drive stolen from a Veterans Affairs Department employee's home early last month, compromising personal information on 26.5 million veterans, has been recovered.

A preliminary inspection indicated that the data, which included Social Security numbers, dates of birth and other sensitive information, potentially on active-duty military service members as well as veterans, has not been touched or copied, the FBI said in a statement. A more thorough forensic investigation is under way.

The FBI in Baltimore announced the discovery, along with the Veterans Administration Inspector General's Office and the Montgomery County, Md., Police Department. The three thanked the Park Police for "invaluable work in this case."

VA Secretary James Nicholson discussed the development with reporters Thursday, before the last in a series of House Veterans' Affairs Committee hearings examining how the breach occurred and what could be done to keep information more secure in the future.

He could not provide further details on the recovery but did say somebody will likely receive the $50,000 reward that had been offered for help finding the equipment.

The VA secretary also noted that the discovery will not change plans to strengthen the department's data security policies. Regardless of how the incident ends, the breach was a "wake-up call" for the agency, he said.

The data loss occurred on May 3, when the laptop and hard drive were stolen from the VA analyst's suburban Maryland home in what appeared to be a routine burglary. The employee had worked for the department for 34 years and had been taking sensitive data home routinely since 2003.

VA officials have initiated the process of firing the analyst and replacing the officials in charge of the Office of Policy and Planning where he worked. The incident has prompted the department to limit telework, beef up security training and suspend use of employee-owned computers for official agency business. Members of Congress also are weighing legislative remedies, including changes to the 2002 Federal Information Security Management Act and the requirements for disclosing breaches.

The break has been costly. As of mid-June, the department was spending about $200,000 a day to operate a call center for veterans and active-duty service members seeking information. Congressional appropriators granted the agency permission to shift up to $25 million of its fiscal 2006 funding to handle the initial expenses linked to the theft.

Additionally, the White House has asked for $160 million to cover the costs of one year of free credit monitoring for affected veterans. It is unclear whether the discovery of the equipment would eliminate the need for that service.

COMMENTS

• This is great news. However, contrary to earlier reports, a number of documents have surfaced showing that the VA analyst had official permission to take the data home as early as 2002. In the end it appears that the analyst followed procedures, including quickly reporting the crime. If there is fault here, it is with higher up VA policymakers. GovExec.com reader Posted June 29, 2006 2:37 PM
• The employee’s supervisor should be fired as well. Also, limiting telework??? What an odd thing. This issue involves data management and security. Lastly, the federal government needs to look closely at the widely practiced use of jump (aka fob, thumb, etc.) drives. Talk about a security vulnerability ... this one really scares me!!! Jeff Posted June 30, 2006 9:35 AM
• The $160 million is necessary for all veterans. After the Bank of America travel card for DoD personnel last year, I'm really getting tired of having to pay for credit watches on my reports. As a veteran, this is one time Uncle Sam ought to foot the bill! Phil Posted June 30, 2006 4:06 AM