WASHINGTON - Thieves took sensitive personal information on 26.5 million U.S. veterans, including Social Security numbers and birth dates, after a Veterans Affairs employee improperly brought the material home, the government said Monday.
The information involved mainly those veterans who served and have been discharged since 1975, said VA Secretary Jim Nicholson. Data of veterans discharged before 1975 who submitted claims to the agency may have been included.
Nicholson said there was no evidence the thieves had used the data for identity theft, and an investigation was continuing.
"It's highly probable that they do not know what they have," he said in a briefing with reporters. "We have decided that we must exercise an abundance of caution and make sure our veterans are aware of this incident."
Veterans advocates expressed alarm.
"This was a very serious breach of security for American veterans and their families," said Bob Wallace, executive director of Veterans of Foreign Wars. "We want the VA to show leadership, management and accountability for this breach."
Ramona Joyce, spokeswoman for the American Legion, agreed that the theft was a concern. "In the information age, we're constantly told to protect our information. We would ask no less of the VA," she said.
Nicholson declined to comment on the specifics of the incident, which involved a midlevel data analyst who had taken the information home to suburban Maryland on a laptop to work on a department project.
The residential community had been a target of a series of burglaries when the employee was victimized earlier this month, according to the FBI in Baltimore. Local law enforcement and the VA inspector general were also investigating.
"I want to emphasize there was no medical records of any veteran and no financial information of any veteran that's been compromised," Nicholson said, although he added later that some information on the veterans' disabilities may have been taken.
Nicholson said he does not know how many of the department's 235,000 employees go thorough background investigations. He said employees who have access to large volumes of personal data should be required to undergo such checks, but he does not believe the VA employee was involved in the theft.
"We do not suspect at all any ulterior motive," he said.
The department has come under criticism for shoddy accounting practices and for falling short on the needs of veterans.
Last year, more than 260,000 veterans could not sign up for services because of cost-cutting. Audits also have shown the agency used misleading accounting methods and lacked documentation to prove its claimed savings.
"It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," Illinois Rep. Lane Evans (news, bio, voting record), the top Democrat on the Veterans Affairs Committee, said in a statement signed by other Democrats on the panel.
Sen. John Kerry, D-Mass., who is a Vietnam veteran, said he would introduce legislation to require the VA to provide credit reports to the veterans affected by the theft.
"This is no way to treat those who have worn the uniform of our country," Kerry said. "Someone needs to be fired."
The VA said it was notifying members of Congress and the individual veterans about the burglary. It has set up a call center at 1-800-FED-INFO and Web site, http://www.firstgov.gov, for veterans who believe their information has been misused.
It also is stepping up its review of procedures on the use of personal data for many of its employees who telecommute as well as others who must sign disclosure forms showing they are aware of federal privacy laws and the consequences if they're violated.
Deborah Platt Majoras, chair of the Federal Trade Commission, said her task force has reached out to the three major credit bureaus to be alert to possible misuse.