The names, Social Security numbers and birth dates of up to 50,000 active-duty military personnel were included in the data stolen from a Veterans Affairs Department employee's home last month, the department announced Saturday.
Among the 26.5 million people with records affected by the security breach were 10,000 to 20,000 National Guard and Reserve personnel on at least their second active-duty call-up. The compromised information may also include personal details on 25,000 to 30,000 active duty Navy personnel who completed their first enlistment term prior to 1991.
VA said in its statement that it learned of this "through its ongoing analysis of the data."
The department is working with the Defense Department to match the data and verify those potentially affected. Individual notification letters are being sent to those who could be affected by the stolen data, according to the statement.
Active-duty military personnel may be included in the compromised VA database because the individuals were issued notifications from the Pentagon, known as a DD-214s, or separation from active service notices, once they completed their first enlistment.
This paperwork triggers an automatic notification to VA that the individual is no longer on active duty, but in these cases the people re-enlisted. VA believes the information could still be in the agency's data files.
There is no evidence suggesting that full-time active-duty personnel from other branches of the military are affected, the department stated.
VA Secretary James Nicholson has said a data analyst in the department's Office of Policy violated agency policy by taking home a digital copy of unencrypted records containing the names, Social Security numbers and dates of birth for veterans discharged since 1975 and some of their spouses. Also at risk are veterans discharged before 1975 who filed for disability compensation.
The department has initiated the process for firing the career data analyst, who will be afforded the same rights other career federal employees receive in such situations, VA officials said. The employee has worked at the agency for more than 30 years and had been taking sensitive data home since 2003.
To assist in the department's efforts to determine what information was in the database, VA has hired data forensic experts to analyze the original data.
A House Veterans Affairs Committee official said the panel will have at least five hearings on the incident between now and July 13. A final report from the VA Inspector General is expected July 10.