VA Urges Caution After Theft of Personal Information
By Samantha L. Quigley, American Forces Press Service
/ Published April 25, 2007
Veterans Affairs officials today announced the theft of personal information on up to 26.5 million veterans. However, VA Secretary R. James Nicholson stressed there's no indication the information is being used for purposes of fraud.
"We at the VA have recently learned that an employee here, a data analyst, took home a considerable amount of electronic data from the VA, which he was not authorized to do," Nicholson said. "His home was burglarized, and this data was stolen."
The compromised data includes names, Social Security numbers and birthdates of veterans separating from the military since 1975, he said. The information also may have included data on veterans who separated before 1975 but who submitted a claim for VA benefits.
No medical or financial information was compromised, though the files might have contained numeric disability ratings in some cases, Nicholson added. A statement issued by the department indicated that spousal information also might have been compromised in some cases.
"There is no indication & that any use is being made of this data or even that (the thieves) know they have it," Nicholson said.
Exercising what the secretary called "an abundance of caution," the department is working through a number of channels, including the news media, to make veterans aware of the situation. Individual notification letters also will be mailed to veterans.
The department is providing more information through the www.firstgov.gov Web site and call centers that can be reached at (800) 333-4636. The call centers, which will be active today, will be able to handle more than 250,000 calls a day.
"The most important priority that I have right now is to get the word out to our veterans and get them alerted and aware of this possibility," Nicholson said.
The department also is encouraging veterans to watch their financial accounts carefully for any signs of fraud or identity theft. If suspicious activity is detected, veterans should contact the fraud department of one of the three major credit bureaus: Equifax, Experian or TransUnion.
Nichols said the Federal Trade Commission has alerted credit bureaus of a potential increase in requests for fraud alerts and for requests for credit reports.
Any accounts that have been tampered with or opened fraudulently should be closed, and the veteran should file a report with local police or the police in the community where the identity theft took place. Those who suspect identity theft also are encouraged to contact the Federal Trade Commission via its identity-theft hotline at (877) 438-4338, or through its Web site.
There is no indication when the career employee removed the information from his office, but the data was stolen when his home was burglarized sometime this month, Nicholson said. He declined to identify the employee or where he lives but said law enforcement officials reported several burglaries in the area and they do not believe the stolen information was targeted.
"The employee has been placed on administrative leave pending the outcome of (a full-scale) investigation," Nicholson said. All appropriate law enforcement agencies, including the FBI and the Veterans Affairs Department's Inspector General are participating in the investigation.
Members of the President's Identity Theft Task Force will meet today to coordinate a comprehensive response, recommend ways to further protect affected veterans, and increase safeguards to prevent the reoccurrence of such incidents, Nicholson said. VA officials also moved up the date by which all department employees must complete the "VA Cyber Security Awareness Training Course" and the "General Employee Privacy Awareness Course." Both must be completed by June 30.
Additionally, Veterans Affairs will immediately begin conducting a review of all current positions requiring access to sensitive information. All employees requiring access to such data will undergo updated law enforcement and background checks.