Stolen equipment holding veterans’ records recovered

The FBI on Thursday announced that the laptop computer and external hard drive stolen from a Veterans Affairs Department employee's home early last month, compromising personal information on 26.5 million veterans, has been recovered.

A preliminary inspection indicated that the data, which included Social Security numbers, dates of birth and other sensitive information, potentially on active-duty military service members as well as veterans, has not been touched or copied, the FBI said in a statement. A more thorough forensic investigation is under way.

The FBI in Baltimore announced the discovery, along with the Veterans Administration Inspector General's Office and the Montgomery County, Md., Police Department. The three thanked the Park Police for "invaluable work in this case."

VA Secretary James Nicholson discussed the development with reporters Thursday, before the last in a series of House Veterans' Affairs Committee hearings examining how the breach occurred and what could be done to keep information more secure in the future.

He could not provide further details on the recovery but did say somebody will likely receive the $50,000 reward that had been offered for help finding the equipment.

The VA secretary also noted that the discovery will not change plans to strengthen the department's data security policies. Regardless of how the incident ends, the breach was a "wake-up call" for the agency, he said.

The data loss occurred on May 3, when the laptop and hard drive were stolen from the VA analyst's suburban Maryland home in what appeared to be a routine burglary. The employee had worked for the department for 34 years and had been taking sensitive data home routinely since 2003.

VA officials have initiated the process of firing the analyst and replacing the officials in charge of the Office of Policy and Planning where he worked. The incident has prompted the department to limit telework, beef up security training and suspend use of employee-owned computers for official agency business. Members of Congress also are weighing legislative remedies, including changes to the 2002 Federal Information Security Management Act and the requirements for disclosing breaches.

The break has been costly. As of mid-June, the department was spending about $200,000 a day to operate a call center for veterans and active-duty service members seeking information. Congressional appropriators granted the agency permission to shift up to $25 million of its fiscal 2006 funding to handle the initial expenses linked to the theft.

Additionally, the White House has asked for $160 million to cover the costs of one year of free credit monitoring for affected veterans. It is unclear whether the discovery of the equipment would eliminate the need for that service.