Subscribe to ePluribus Media



ePluribus Media Store


Want Headlines via Email?
Enter your email address:


Help Save 1.800.SUICIDE

More support of vets... VA loses personal records of 26.5 million vets

by intranets rcs1
Wed May 24, 2006 at 02:28:29 PM EST

Originally posted Tue May 23, 2006 at 05:31:43 AM EST -- bumped, new good stuff in the comments

bumped, ePM EXCLUSIVE, found police report (maybe?)
Laptop & external hard drive stolen in the middle of the day

Associated Press 16:30 PM May, 22, 2006
WASHINGTON -- Thieves took sensitive personal information on 26.5 million U.S. veterans, including Social Security numbers and birth dates, after a Veterans Affairs employee improperly brought the material home, the government said Monday.

Yer doin' a heckva job Jimmy

I'm glad the gov't takes privacy as serious as corporations.  Just like in the private sector, employees are allowed to take whole databases home with them.

I wonder if this an extension of Bush's NSA warrantless spying program.  It involved acquiring the records of vets, but it's ok, because many ex- military are on gov't watch lists anyways.


commentary :: :: :: buzz-it!
"The information involved mainly those veterans who served and have been discharged since 1975, said VA Secretary Jim Nicholson. Data of veterans discharged before 1975 who submitted claims to the agency may have been included."

"It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," Illinois Rep. Lane Evans, the top Democrat on the Veterans Affairs Committee, said in a statement signed by other Democrats on the panel.

http://www.va.gov/

The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies.  This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings.  Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen.  The employee has been placed on administrative leave pending the outcome of an investigation.

... the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll-free number is 1-800-FED INFO (333-4636). The call center will be open beginning today, and will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed.

 Task Force members have already taken actions to protect the affected veterans, including working with the credit bureaus to help ensure that veterans receive the free credit report they are entitled to under the law. Additionally, the Task Force will meet today, 22 May 2006, to coordinate the comprehensive Federal response, recommend further ways to protect affected veterans, and increase safeguards to prevent the reoccurrence of such incidents.

I've got to wonder, what good is a database that just has names, SSN, and DOB??  Surely, there had to have been something more in the database, like claim dates, or something else.  What else is a "data analyst" analyzing?  The average age of people?  It doesn't make sense, there must have been some other meta-data.  Maybe not health records, but some data.

Also, how lame is that --  they are working to get vets the already free annual credit report, the kind you can already get free from their webpage.    Can't they get them annual credit monitoring, like corporations do when they "lose" huge databases.

------------------------------------------------------
[EDIT: UPDATED INFO]
A new turn in this story involves the mysterious theft of the laptop & data.

http://www.nytimes.com/2006/05/24...identity.html

Officials familiar with the case said that while investigators had no reason to dispute the employee's account, they were nonetheless puzzled why little else of value besides the data-laden disks were stolen. In an added twist, the officials said investigators were having trouble finding the employee but did not think that he was necessarily trying to be evasive. Several aspects remained murky, including how much communication, if any, there was between the Montgomery County police in Maryland and federal investigators about the disks.

  • Nicholson said he initially left the matter to VA investigators rather than calling the FBI.
  • By Monday, however, with no arrests made, federal investigators decided to abandon that strategy [of not letting known the valuable data to the thieves]
  • VA officials waited 19 days after the theft before alerting the public [and FBI] of the theft.
  • The disks contain Vet's Names, SSN, DOB, spouses, and disability rating--a score of between 1 to 100 on how disabled a veteran is.
  • The VA has set up a call center, the cost of which is reportedly $11 million.
    -------------------------------------------------


    On to the theft.
    We know it was stolen from the employee's house on May 3rd in "Aspen Hill" or "Wheaton", either way it involves the Montgomery County Police either way.


    CRIME ARCHIVE SECTION

    5/3 10:30am - 4:45pm
    Pryied open window.
    Stolen: electronics, external harddrive, coins.


    May 3rd, being a Wednesday, it would be odd for an employee to have his laptop and data at home while the employee was at work (10:30am - 4:45pm).

    As one article said, why did the thieves only take the computer stuff and nothing else (besides coins). Also, the police we not notified until Wednesday evening.



    So, now I have to ask, is the external hard disk the "disks" the media is reporting on? He had a whole harddrive with the data on it? Brilliant.
    • Display:
    More support of vets... VA loses personal records of 26.5 million vets | 37 comments (37 topical, 0 hidden)
    Theft of vets' data kept secret for 19 days (5.00 / 1) (#6)
    When you read the following two excerpts...you realize that the analyst knew beyond a shadow of a doubt that this was not allowed.  I must assume there is some type of security checks of equipment coming in and out of the VA by employees...like maybe video!  This to me seems like a managed/sanctioned theft. Just someone threw a monekey wrench into the mix...shall we say "twist of fate".

    http://www.cnn.com/2006/US/05/23/vets.data/index.html

    "I've got to ask -- and certainly I have to ask it of not only the VA but all of government -- why can a data analyst take all of this information home?" the Idaho Republican said. "That's a breach of security -- in today's concern about ID theft -- that is huge."

    - snip -

    "Nicholson said the analyst has been placed on administrative leave during the investigation but that no "ulterior motive" is suspected. The analyst is a longtime department employee but was not authorized to take the information home, he said."

    by avahome on Tue May 23, 2006 at 12:19:56 PM EST

    tinfoil.. on (5.00 / 1) (#7)
    Ok, so following the logic of the phone records kerfuffle... What good is disability data for vets?  Well maybe Rove knows that the vets are not too happy with Bush admin & Republican leadership handling of Iraq.  Maybe they know the loyal military men are changing their votes.. maybe they are looking for the recently maimed voters from Bush's Iraq war?

    Just a nutty thought.  Wonder if these Iraq vets get purged from the voter rolls.

    by intranets on Tue May 23, 2006 at 01:40:04 PM EST
    [ Parent ]

    Another facet (none / 0) (#8)
    You asked the question, Ava, about why can he take it home.  I would pose another.

    "Why SHOULD he take it home".

    Technologically speaking there is no reason someone cannot access the data via a VPN secured conduit from a laptop or other PC type system.

    NO reason.  If he needed to manipulate the data for an urgent project I would think a bigger badder faster server (with him onsite instead of offsite) would be a better solution.

    This is not ringin true to my ears or gut the more I think about it.

    by kfred on Tue May 23, 2006 at 07:41:24 PM EST
    [ Parent ]

    depends what they are doing (none / 0) (#10)
    I'm still not sure what anaylizing they were doing.  It doesn't make sense to have no VA records, other than status, but then have the SSN, names, DOB..  If they were making stats, they could have used VA case numbers of something.  

    Almost any company, or gov't agency has policies when you deal with this kind of data.  Anyone with a laptop with 20million SSN numbers, know better than taking it home, unencrypted.  And I agree there probably is a VPN solution..  So I think this isn't as accidental as they'd have you believe.


    by intranets on Wed May 24, 2006 at 07:09:14 AM EST
    [ Parent ]

    Entirely possible (none / 0) (#9)
    the analyst knew it was against policy but was behind the eight ball with work  piling up.  Think of all the cutbacks they have had with the VA and how this can result in fewer people being expected to perform the duties that several people once did.  Not excusing his actions and poor judgement but can see this as a very plausible reason for him to take the work home.

    by standingup on Tue May 23, 2006 at 09:38:43 PM EST
    [ Parent ]
    Updates (5.00 / 1) (#13)
    Wow, the news is starting to get pissed that nothing has been done for Vets and no help is being offered..

    MA AG tips on what to do for VAs

    If you believe you have been the victim of identity theft, you will need to take additional steps to protect your credit and your good name.  AG Reilly's office has resources to help you, including an identity theft brochure is available online. Additional information is also available at the Federal Trade Commission at www.consumer.gov/idtheft.  Consumers may also call AG Reilly's Consumer Hotline at (617) 727-8400.

    http://msnbc.msn.com/id/12940308/

    So far, you've only received vague advice from the Veterans Affairs and other federal authorities, like 'check your credit.'

    Here's a more specific checklist:

    1. Institute a Fraud alert on your credit.
    2. Consider a credit freeze.
    3. Check your monthly statements.
    4. Regularly check your credit report.
    5. Don't fall for it    

    The last comment is pretty good telling people not to pay for services.  I fear that the credit reporting people stand to make a lot of money from this.  (ChoicePoint!)  Either through VA and congress, or from individuals, the people who stand to make millions from the theft is the credit folks

    http://www.mlive.com/news/kzgazette/index.ssf?/base/columns-2/1148484159308770.xml&coll=7

    Too bad it hasn't applied to the federal government. VA officials waited 19 days after the theft before alerting the public that veterans' identities might have been compromised. Their reasoning was that they hoped the thieves wouldn't understand what they had taken. Officials, fearing that publicity about the stolen data could prompt the laptop thieves to sell the information to skilled identity thieves, hoped to arrest the laptop thieves first.

    By Monday, however, with no arrests made, federal investigators decided to abandon that strategy.

    This makes sense.  I'm not so worried about why they waited 19 days to announce this.  They probably thought they might find it, but when was the FBI notified??

    http://www.modbee.com/local/story/12225487p-12966177c.html

    Since 2001, the inspector general has reported security vulnerabilities related to the operating system, passwords, a lack of strong detection alerts and a need for better access controls, he wrote.

    The material included the veterans' Social Security numbers, birth dates and in some cases a disability rating on how disabled a veteran is. The agency declined to say whether additional information regarding the nature of the disability was disclosed.

    ...
    According to the Justice Department, burglars struck the home of the unidentified VA employee in early May and took a government-owned laptop with disks.
    ...

    After the burglary, the employee promptly informed the VA, which did not tell the FBI until late last week, according to two law enforcement officials who spoke on condition of anonymity because they are not authorized to talk publicly about the investigation.

    http://www.krqe.com/expanded.asp?ID=15306

    Nicholson, who's under bipartisan fire from Capitol Hill, said he initially left the matter to VA investigators rather than calling the FBI. He said he's asked the department's inspector general to hurry up an investigation to determine who was responsible for the time delay.

    http://www.thevillagesdailysun.com/articles/2006/05/24/villages/villages02.txt

    "I think it's a terrible thing because there's information on there that's not to be publicized," said Harold Sievers of The Villages Memorial Park Committee.

    He feared the disk included some information known only to the CIA.


    HUH?! I think is just Joe Public's speculation.. I hope.

  • disability rating--a score of between 1 to 100 on how disabled a veteran is.

  • a career employee's Aspen Hill home was burglarized, apparently randomly, on May 3.

  • The VA has set up a call center, the cost of which is reportedly $11 million.

  • A full scale investigation by the Federal Bureau of Investigation and the VA Inspector General's office has been launched, according to Iron County Veterans Service officer Bob Morzenti.

    by intranets on Wed May 24, 2006 at 02:59:53 PM EST
    • Helpful info in your comment, intranets (none / 0) (#14)
    thanks...

    by Cho on Wed May 24, 2006 at 03:06:31 PM EST
    [ Parent ]
    police report (none / 0) (#15)
    Can we find it?  
    I believe Aspen Hill is Montgomery County, Maryland.

    But it did say Virginia police.  Maybe I'm mixing up VA with VA(virginia).

    by intranets on Wed May 24, 2006 at 03:07:44 PM EST
    [ Parent ]

    (Comment Deleted) (none / 0) (#16)

    This comment has been deleted by intranets



    by intranets on Wed May 24, 2006 at 03:13:12 PM EST
    [ Parent ]
    (Comment Deleted) (none / 0) (#17)

    This comment has been deleted by intranets



    by intranets on Wed May 24, 2006 at 03:18:40 PM EST
    [ Parent ]
    (Comment Deleted) (none / 0) (#18)

    This comment has been deleted by intranets



    by intranets on Wed May 24, 2006 at 03:23:23 PM EST
    [ Parent ]
    (Comment Deleted) (none / 0) (#20)

    This comment has been deleted by intranets


    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    by wanderindiana on Wed May 24, 2006 at 04:10:37 PM EST
    [ Parent ]
    Might not be in public record. (none / 0) (#21)
    I just looked through the archived reports; there are some that list Wheaton crimes in the District 3 roundup, but none of them occurred  on May 3rd.

    My conclusions? Either the Wheaton location is incorrect, the public record has been purged, or it was never reported to the public along with other burglaries.
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    by wanderindiana on Wed May 24, 2006 at 04:25:44 PM EST
    [ Parent ]

    Wheaton v. Aspen Hill (none / 0) (#23)
    There are major outlets reporting Wheaton, MD; there are also major outlets reporting Aspen Hill, MD.

    The two communities are neighboring.

    Link to map

    This link is to an area that shows a Wheaton Woods Recreational Area directly adjacent to Aspen Hill. Perhaps this is the neighborhood where the crime took place, and the confusion over Wheaton v. Aspen Hill in press reports has something to do with the park?
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    by wanderindiana on Wed May 24, 2006 at 04:44:47 PM EST
    [ Parent ]

    found it (none / 0) (#24)
    I found it :)

    by intranets on Wed May 24, 2006 at 05:37:40 PM EST
    [ Parent ]
    editted main story (none / 0) (#25)
    Read main post.  Apparently an external harddrive was stolen.  In the middle of the day.  What was this laptop & HD doing at home in the middle of the day?

    by intranets on Wed May 24, 2006 at 06:00:46 PM EST
    [ Parent ]
    Telephone Info for Montgomery Cnty: (none / 0) (#22)
    http://www.montgomerycountymd.gov/mcgtmpl.asp?url=/apps/phonebook/phonebook.asp

    POLICE      E-MAIL
        J. Thomas Manger, Police Chief
       240-773-5000
    Emergencies, 911
    Non-Emergencies, 301-279-8000
    Media Services, 240-773-5030
    Crime Solvers, 240-773-5038
    1st District- Rockville, 301-279-1602
    2nd District-Bethesda, 301-652-9200
    3rd District-Silver Spring, 301-565-7740
    4th District-Wheaton, 240-773-5500
    5th District-Germantown, 301-840-2650
    6th District

    by avahome on Wed May 24, 2006 at 04:26:02 PM EST
    [ Parent ]

    yep that's it. (none / 0) (#28)
    decided to take it down.  
    I wouldn't not want to be the guy who pissed off 26 million vets..

    by intranets on Wed May 24, 2006 at 08:16:45 PM EST
    [ Parent ]
    Veterans Stolen Private Data (5.00 / 1) (#26)
     Pass It On - Find More Pass That As Well!!

    VA Data Stolen: Statement of VVAF
    The news of this security breach is a wake up call to the VA and all federal agencies that are responsible for protecting citizens' personal information. Questions about VA data accuracy and security should be raised and examined. It appears that the VA did not have adequate measures in place to prevent an incident like this from happening. This pattern of lack of planning by the VA is troublesome and produces serious questions with implications far beyond this serious breach. The millions of veterans who have served our nation and the more than a million men and women who are currently fighting the Global War on Terror deserve an explanation and the assurance that the VA is up to the task of serving our veterans

    Personal Data on Veterans Is Stolen: Burglary Leaves Millions at Risk Of Identity Theft
    As many as 26.5 million veterans were placed at risk of identity theft after an intruder stole an electronic data file this month containing their names, birth dates and Social Security numbers from the home of a Department of Veterans Affairs employee, Secretary Jim Nicholson said yesterday.

    Veterans want VA to pay for credit checks after data theft
    A leading veterans group wants the Department of Veterans Affairs to pay for every single veteran to obtain a credit check after personal data on 26.5 million veterans was stolen earlier this month.

    Source: Theft of vets' data kept secret for 19 days

    Buyer to investigate VA data breach

    VA didn't disclose theft for 2 weeks

    Calling the government's VA Data Theft Hotline

    by jimstaro on Wed May 24, 2006 at 06:59:53 PM EST

    Jim... thanks for these great links! (none / 0) (#27)


    by Cho on Wed May 24, 2006 at 07:14:07 PM EST
    [ Parent ]
    You're Fired! - but the analyst is on (none / 0) (#1)
    Administrative leave...............something is wrong here - this sounds like an internal coverup.   Getting my mind around this I have to wonder how many of the vets are deceased that are on this list which frees up ss# and we are not told that starting point of the records (I am not so naive to think it is tied to SS#'s.......) This is truly a nightmare.  My husband is a VietNam vet.

    by avahome on Tue May 23, 2006 at 08:18:51 AM EST
    CNN (none / 0) (#2)
    just ran a segment on this and they were reporting the data was on a disk that wasn't protected with encryption or any other security.  If so, that is simply careless.  But this is not surprising with the government who uses vendors like ChoicePoint.  

    by standingup on Tue May 23, 2006 at 08:33:35 AM EST
    Good grief (none / 0) (#3)
    No passwording, encryption, nothing?  This is worse than most of the cases I've heard of - including me.  At least there was a password!

    And if the thief didn't have a clue before, they sure have a clue as to the value of what they stole now - that's the other thing that bothers me about this stuff.  It's a catch22 - the ID owners need to know this was done, but the market goes worldwide for selling the data instead of just being a possible local job.

    by kfred on Tue May 23, 2006 at 09:16:46 AM EST
    [ Parent ]

    makes sense (none / 0) (#4)
    You'd be surprised how often this probably does happen.. It's just most companies never report anything.

    So a data analyst probably does have a database.  And aside from a windows login, it's probably in some program or spreadsheet, with no passwords.

    What makes no sense to me is what else was in the data.  There is no way it was just a mailing list of names and SSN.  Must have been some useful data.

    by intranets on Tue May 23, 2006 at 09:49:41 AM EST
    [ Parent ]

    more details (none / 0) (#5)
    Ah..

    The stolen information includes the names of some veterans' spouses, as well as the disability ratings of some veterans.

    http://seattletimes.nwsource.com/html/nationworld/2003012577_datatheft23.html

    The data did not contain medical records or financial information, but in some cases had disability ratings, he said. "The employee took it home to work with it," Nicholson said. "He was working on a project. ... But he was not authorized to take it home."

    The burglary occurred May 3 in Wheaton, Md., according to a source with knowledge of the incident who requested anonymity because the matter is under investigation.

    Not to enter too much into conspiracy land.. But it is unnerving the largest data thefts have been, ChoicePoint, and now the VA database..

    February 2005, that thieves had duped the world's largest commercial data broker, Choicepoint, into providing them with information on more than 150,000 consumers


    by intranets on Tue May 23, 2006 at 09:58:10 AM EST
    [ Parent ]
    Zeroing in on the employee.......... (none / 0) (#11)
    Yes, finally the light dawns...... Boy, to get a copy of the police report on the theft!

    http://www.nytimes.com/2006/05/24/washington/24identity.html

    The authorities continued to investigate the activities of the employee, who is on administrative leave.

    Officials familiar with the case said that while investigators had no reason to dispute the employee's account, they were nonetheless puzzled why little else of value besides the data-laden disks were stolen. In an added twist, the officials said investigators were having trouble finding the employee but did not think that he was necessarily trying to be evasive.

    Several aspects remained murky, including how much communication, if any, there was between the Montgomery County police in Maryland and federal investigators about the disks.



    by avahome on Wed May 24, 2006 at 11:36:45 AM EST
    huh. (none / 0) (#12)
    I thought it was a laptop??!

    by intranets on Wed May 24, 2006 at 02:35:53 PM EST
    [ Parent ]
    I thought I read government issued laptop.... (none / 0) (#19)
    somewhere's............ Back in the days I worked for government contractor...every piece of government equipment had a tracking number on it.  To be able to remove the piece of equipment from the location, you had to sign out the piece of equipment with Functional Area Coordinator...because baby, you owned it and were totally responsible.

    I have to assume this info was on an AS400 database or something similar where you run a query, which is trackable by originator, and downloaded into I assume a file/print format.  

    I am thinking there is video/card key/etc. to track employee work trail........that could be why he said things were stolen from home because he is so trackable at work.  He is now a marked man....bet he didn't figure that...but he did have enough time to disappear......odd.

    by avahome on Wed May 24, 2006 at 04:08:48 PM EST
    [ Parent ]

    Update (none / 0) (#29)
    I took down the address.  It was too easy to find out the mid-level VA employee's name.  I worry for his safety due to the fact that he pissed off every Veteran in the D.C. area.

    I think it would be bad for him if his name got out.  Of course turn-about-is-fair-play.  Maybe  I should post his SSN, DOB, Name & address

    by intranets on Wed May 24, 2006 at 08:21:17 PM EST

    More comments to delete? (none / 0) (#30)
    You left the trail of the search, enough so that anyone could retrace our steps and match what you've left from the police report.

    You could even Google a phrase from the police report and go directly to the information.

    Consider deleting this comment and all the others that are along the trail to be thorough - and the specific text from the police report in your commentary. Perhaps you could copy the thread to the Investigates site before you delete.
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    by wanderindiana on Wed May 24, 2006 at 11:14:47 PM EST
    [ Parent ]

    Geez I missed the copy of the police..... (none / 0) (#31)
    report......will someone email me it! Thanks...or put on investigative side!

    by avahome on Thu May 25, 2006 at 12:24:07 AM EST
    [ Parent ]
    No police report (5.00 / 1) (#32)
    Just the police blotter (see main post, with small blurb about pryied open window)

    Ok, so I thought I changed the police thing enough to make it un-googleable, but I was wrong.  Fixed.  So the only thing is that people could follow our link to Montgomery County Police.  But that is in most stories, so I don't think telling people about Montgomery County police is a big deal.

    All I have to say is that this is the guy for sure.

    And they work this VA group:
    http://www.virec.research.va.gov/  

    by intranets on Thu May 25, 2006 at 05:53:01 AM EST
    [ Parent ]

    V.A. Chief testifies to House Panel (none / 0) (#33)
    Blatant incompetence...........
    here

    Under questioning, Nicholson acknowledged that his deputy secretary, Gordon Mansfield, was the highest level official told about the May 3 burglary, but did not act. But he declined to say whether Mansfield would be fired or why he might have kept quiet in what has become one of the nation's largest security breaches.


    by avahome on Thu May 25, 2006 at 11:29:31 AM EST
    Updates from congressional hearing (none / 0) (#34)
    I guess we scooped the media about the external hard drive.

    What is new is that the thieves did not take some CDs with VA data on them.

    There is a good timeline of incompetence, along with more info.  I really believe the career VA guy was a former head of Human Resources, that retired from (a major city in Florida) after being the head of that office for 27 years, and then took a cushy job doing data analysis.   Could be coincidence with names, but I doubt it from the "37 years since clearance" comment.

    Here's a dump of articles.

    http://www.bloomberg.com/apps/news?pid=10000087&sid=aJ63AJf2RgPo&refer=top_world_news

     Michael McLendon, the department's deputy assistant secretary for policy, learned about the May 3 theft an hour after it was reported to police, the Post said. Dennis Duffy, acting assistant secretary for policy, planning and preparedness learned about the burglary two days later, the newspaper said.

    Duffy informed Veterans Affairs Chief of Staff Thomas Bowman on May 9 that as many as 26.5 million veterans' personal records had been stolen, the Post said. Bowman told Deputy Secretary Gordon Mansfield on May 10 and Nicholson was informed May 16, the newspaper said.

    http://www.boston.com/news/nation/washington/articles/2006/05/27/officials_waited_13_days_to_tell_va _chief_about_theft_of_data/

    McLendon met with two high-ranking VA information security specialists the next day.

    http://seattletimes.nwsource.com/html/nationworld/2003019802_vets26.html

    A number of CDs containing sensitive VA data were left in the house after the burglary, VA Inspector General George Opfer testified.

    Not included, he said, were any VA electronic health records or "explicit financial information."

    The affected veterans were those who have been discharged since 1975, plus veterans receiving VA disability compensation, Nicholson said. He said fewer than 100 spouses were included in a stolen electronic file listing people who had been affected by mustard gas.

    Nicholson said the VA is sending letters to all the 19.6 million people whose Social Security numbers were stolen, urging them to "be vigilant" for signs of identity theft and advising them how to protect themselves. He said a special VA call center also has been set up.

    Nicholson said the cost of the mailing and call centers is estimated at $25 million. The mailing alone will cost $10 million to $11 million,

    Washington state Attorney General Rob McKenna, meanwhile, sent a letter to Nicholson on Thursday asking that Washington veterans be provided a copy of the law-enforcement report regarding the data breach.

    http://www.washingtonpost.com/wp-dyn/content/article/2006/05/25/AR2006052501843.html

    Authorities announced a $50,000 reward for information leading to the recovery of the laptop computer and external hard drive stolen May 3 from the employee's Aspen Hill home. The VA inspector general and the FBI are offering the reward. Montgomery County police asked anyone with information to call 866-411-8477.

    the stolen information was not encrypted or "scrambled."

    The electronic file contained names and dates of birth for as many as 26.5 million veterans who have been discharged since 1975, or who were discharged in any year and are collecting disability compensation from the department, Nicholson said. The file also included the Social Security numbers of 19.6 million of those veterans, he said. He said fewer than 100 spouses are believed to be included in the file.

    Opfer said his office did not learn of the lost data until May 10, and then only through an offhand remark by a VA employee at a routine meeting.

    The FBI was not told until May 17, and Nicholson did not make a public announcement until Monday.

    He said the employee who took the data home last had a background check 32 years ago.

    VA data analyst was "a dedicated federal employee who took work home with the hope of improving VA operations."

    http://www.nytimes.com/2006/05/26/washington/26identity.html

    "He said that he routinely took such data home to work on it, and had been doing so since 2003," George J. Opfer, the department's inspector general

    He said the employee, a data analyst, had been cooperating with the Montgomery County police and the Federal Bureau of Investigation.

    Moreover, he said that the data on some veterans included "numerical disability ratings and the diagnostic codes which identify the disabilities being compensated," enough knowledge for some unauthorized people to compute compensation payments.

    http://www.washingtonpost.com/wp-dyn/content/article/2006/05/25/AR2006052501237.html

    Michael H. McLendon, VA deputy assistant secretary for policy, learned of the May 3 burglary less than an hour after the worker reported it to his supervisors and to Montgomery County police, according to the briefing document, given to congressional committees this week and obtained yesterday by The Washington Post. McLendon met with two high-ranking VA information security specialists the next day.

    It also reveals new details about the 60-year-old man at the heart of the scandal. He is a senior-level career employee working as an information technology specialist in the Office of Policy. As a GS-14 level employee, he earns between $91,407 and $118,828 a year.

    In a meeting with McLendon two days after the theft, the employee "assumed full responsibility, acknowledging he knew he should not have taken the data out of the office," the summary says. James J. O'Neill, VA deputy assistant inspector general for investigations, said in an interview yesterday that the employee is cooperating fully in the investigation. "He reported it [the theft] immediately, and he certainly could have kept it quiet," O'Neill said.

    According to the document, Dennis M. Duffy, acting assistant secretary for policy, planning and preparedness, was told of the theft May 5. Duffy asked VA computer security specialists to determine the extent of the data lost and three days later asked them to draft a memo. McLendon convened a meeting of the Office of Policy staff May 9 to stress the importance of data security and had the data analyst discuss his experience.

    It was not until that day, May 9, that Duffy informed VA Chief of Staff Thomas Bowman about the theft, suggesting that senior management should discuss the department's obligations to notify veterans whose data may have been compromised. Bowman told Deputy Secretary Gordon Mansfield, the department's No. 2 official, the next afternoon, but neither man informed Nicholson until May 16, the document shows.

    Nicholson told the White House that day but did not inform Congress or the public until six days later, on May 22.

    http://www.forbes.com/business/manufacturing/feeds/ap/2006/05/25/ap2773713.html

    "It wasn't until we interviewed the employee on the 15th that we knew we had a significant problem" involving a vast cache of Social Security numbers, birthdates and disability ratings, Opfer said. Only then did the VA bring in local and federal law enforcement to investigate.



    by intranets on Sat May 27, 2006 at 12:32:21 PM EST
    Finally closure - resignations & dismissal (none / 0) (#35)
    here
    excerpt
    WASHINGTON - A Veterans Affairs deputy assistant secretary who didn't immediately notify top officials about a theft of 26.5 million veterans' personal information is stepping down, citing missteps that led to the security breach.

    Michael H. McLendon, deputy assistant secretary for policy who supervised the VA data analyst who lost the data, said he would relinquish his high-level post on Friday.

    The data analyst also will be dismissed while the acting head of the division in which he worked, Dennis Duffy, has been placed on administrative leave, VA Secretary Jim Nicholson said Tuesday



    by avahome on Tue May 30, 2006 at 08:25:09 PM EST
    Stolen government laptop computer recovered (none / 0) (#36)
    It's a freakin Miracle!!!!!!!!!!!!!!!! If you believe this article, I got a bridge I can sell you! What a crock this is..........read the whole article..I just posted some excerpts.

    http://houstonchronicle.com/disp/story.mpl/front/4012142.html


    WASHINGTON --The government has recovered the stolen laptop computer containing sensitive data for up to 26.5 million veterans and military personnel, Veterans Affairs Secretary Jim Nicholson announced today.

    - snip -

    Newly discovered documents show that the VA analyst blamed for losing the laptop had received permission to work from home on data from included millions of Social Security numbers.

    "From the start, the VA has acted as if the theft was a PR problem that had to be managed, not fully confronted," said Rep. Bob Filner, D-Calif. "They're trying to pin it on this one guy, but I think it's other people we need to be looking at."

    According to the documents provided to The Associated Press, the analyst, whose name was being withheld, had approval as early as Sept. 5, 2002, to use special software at home that was designed to manipulate large amounts of data.

    A separate agreement, dated Feb. 5, 2002, from the office of the assistant Veterans Affairs secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.

    A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.



    by avahome on Thu Jun 29, 2006 at 12:47:55 PM EST
    [ Parent ]
    FBI says data on VA laptop not accessed (none / 0) (#37)
    Call me stupid..but couldn't the drive been copied?
    And funny it was turned in a few days after Nicholson testified on capital hill.......
    Is this a cover-up???? It just sounds so rediculous.

    http://news.yahoo.com/s/ap/20060629/ap_on_go_ot/vets_data_theft

    The FBI, in a statement from its Baltimore field office, said a preliminary review of the equipment by its computer forensic teams "has determined that the data base remains intact and has not been accessed since it was stolen." More tests were planned, however.

    Nicholson said the laptop and hard drive were turned in to the FBI. No suspects were in custody.

    - snip -

    An unidentified person turned the laptop in Wednesday to FBI agents in Baltimore, according Michelle Crnkovich, a spokeswoman for the Baltimore FBI field office.

    - snip -

    Crnkovich said the tipster who turned in the laptop has not been charged and likely was not the thief. She said the FBI still believes the laptop was taken in a routine burglary and that the VA data was not the target. She did not know if the tipster was eligible for the $50,000 reward offered for information on the laptop's whereabouts.



    by avahome on Thu Jun 29, 2006 at 01:02:53 PM EST
    [ Parent ]
    More support of vets... VA loses personal records of 26.5 million vets | 37 comments (37 topical, 0 hidden)

    Support ePluribus Media -- Support Citizen Powered Journalism!

    ePluribus Media

    ↑ Grab this Headline Animator

    members


    community front page

    make a new account


    Username:
    Password:

    recent commentaries

    front page

    Tuesday November 27th
    • Nick Benton's Corner: We Are All Immigrants (0 comments)
    • The Holocaust is Real (1 comments)

    Monday November 26th
    • Australian Elections (0 comments)
    • "Coming Home: Soldiers and Drugs," (1 comments)
    • NM-03: A Native American Hat in the Ring? (1 comments)
    • Race and New Media: A Conference (0 comments)
    • Lott Retiring From The Senate? (1 comments)
    • Beauty for our Souls - NYC edition (4 comments)
    • An 'American' Success Story (1 comments)
    • Ohio's Dann Asked to Probe Allegations of Fraud in 2004 Ohio Election (2 comments)

    older stories...

    create account | faq | search | community front page |