Data on millions of vets stolen from VA employee’s home

Personal information, including Social Security numbers, of possibly every living U.S. veteran discharged since 1975 was stolen earlier this month from the home of a Veterans Affairs employee, the department announced Monday.

The employee took the electronic data without authorization, Veterans Affairs Secretary Jim Nicholson said. Sources said the employee, now placed on administrative leave, worked in the Policy and Planning Group at department headquarters and was performing a statistical analysis on the data as part of an annual department study on veteran population demographics.

The data also contained the names, dates of birth and some disability ratings for up to 26.5 million veterans and some of their spouses, according to a VA statement. The stolen data does not contain medical records, the department said, adding that the FBI and the department's inspector general have mounted investigations.

While the data does not appear to have been deliberately targeted in the theft, the VA is notifying all possibly affected veterans and setting up a special toll-free hotline, 1-800-333-4636. It has also set up a Web site.

VA is in the process of finalizing a contract with the General Services Administration for call-center operations to handle the toll-free calls, GSA spokeswoman M.J. Pizzella said. The department is preparing to spend up to $11 million on the contract, and call volumes could reach tens of thousands of calls per hour, a source said. Pizzella would not confirm those numbers.

The department could have avoided this had the employee followed departmental procedure, said Robert McFarland, who stepped down in April as VA assistant secretary for information and technology. Data removed from computer systems onto devices such as laptops should be encrypted, he said.

"If it was encrypted, then it's going to be useless to anybody, but [the department] doesn't say it was encrypted," he said. Sources said it's probable that the information had been kept in a legacy system that couldn't have been accessed online through a secure virtual private network connection, which is why the employee manually downloaded the data.

"There's a lot of old systems there," McFarland said.

This isn't the first time the department has run into trouble with misplaced veterans' data. In fall 2002, a VA medical center in Indianapolis sold and donated old computers without first wiping their hard drives clean. The new owners found medical information and credit card numbers on the discarded computers. Sen. Larry Craig, R-Idaho, chairman of the Senate Veterans' Affairs Committee, said he will hold hearings on the latest incident, and may not wait until the investigation is complete before looking into the matter. "It is a phenomenally loud wake-up call to our government as it relates to how sensitive information is handled," he told Government Executive. Rep. Steve Buyer, R-Ind., chairman of the House Veterans' Affairs Committee, released a statement saying his panel will likewise examine the incident, in "the context of previous data compromises." VA officials have ordered all employees to complete a cybersecurity awareness and a privacy training course by June 30. In addition, the department is conducting an inventory and review of all positions requiring access to sensitive information. Employees with such access will have to undergo an updated background check.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download
  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download

When you download a report, your information may be shared with the underwriters of that document.