[ISN] Thieves steal personal data of 26.5M vets

From: InfoSec News (isn@private)
Date: Mon May 22 2006 - 22:22:52 PDT


May 22, 2006 

WASHINGTON -- Thieves took sensitive personal information on 26.5
million U.S. veterans, including Social Security numbers and birth
dates, after a Veterans Affairs employee improperly brought the
material home, the government said Monday.

The information involved mainly those veterans who served and have
been discharged since 1975, said VA Secretary Jim Nicholson. Data of
veterans discharged before 1975 who submitted claims to the agency may
have been included.

Nicholson said there was no evidence the thieves had used the data for
identity theft, and an investigation was continuing.

"It's highly probable that they do not know what they have," he said
in a briefing with reporters. "We have decided that we must exercise
an abundance of caution and make sure our veterans are aware of this

Veterans advocates expressed alarm.

"This was a very serious breach of security for American veterans and
their families," said Bob Wallace, executive director of Veterans of
Foreign Wars. "We want the VA to show leadership, management and
accountability for this breach."

Ramona Joyce, spokeswoman for the American Legion, agreed that the
theft was a concern. "In the information age, we're constantly told to
protect our information. We would ask no less of the VA," she said.

Nicholson declined to comment on the specifics of the incident, which
involved a midlevel data analyst who had taken the information home to
suburban Maryland on a laptop to work on a department project.

The residential community had been a target of a series of burglaries
when the employee was victimized earlier this month, according to the
FBI in Baltimore. Local law enforcement and the VA inspector general
were also investigating.

"I want to emphasize there was no medical records of any veteran and
no financial information of any veteran that's been compromised,"  
Nicholson said, although he added later that some information on the
veterans' disabilities may have been taken.

Nicholson said he does not know how many of the department's 235,000
employees go thorough background investigations. He said employees who
have access to large volumes of personal data should be required to
undergo such checks, but he does not believe the VA employee was
involved in the theft.

"We do not suspect at all any ulterior motive," he said.

The department has come under criticism for shoddy accounting
practices and for falling short on the needs of veterans.

Last year, more than 260,000 veterans could not sign up for services
because of cost-cutting. Audits also have shown the agency used
misleading accounting methods and lacked documentation to prove its
claimed savings.

"It is a mystifying and gravely serious concern that a VA data analyst
would be permitted to just walk out the VA door with such
information," Illinois Rep. Lane Evans, the top Democrat on the
Veterans Affairs Committee, said in a statement signed by other
Democrats on the panel.

Sen. John Kerry, D-Mass., who is a Vietnam veteran, said he would
introduce legislation to require the VA to provide credit reports to
the veterans affected by the theft.

"This is no way to treat those who have worn the uniform of our
country," Kerry said. "Someone needs to be fired."

The VA said it was notifying members of Congress and the individual
veterans about the burglary. It has set up a call center at
1-800-FED-INFO and Web site, http://www.firstgov.gov, for veterans who
believe their information has been misused.

It also is stepping up its review of procedures on the use of personal
data for many of its employees who telecommute as well as others who
must sign disclosure forms showing they are aware of federal privacy
laws and the consequences if they're violated.

Deborah Platt Majoras, chair of the Federal Trade Commission, said her
task force has reached out to the three major credit bureaus to be
alert to possible misuse.


On the Net:
Information for veterans suspecting identity theft:
http://www.firstgov.gov or 1-800-FED-INFO

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Mon May 22 2006 - 22:43:23 PDT