Free Credit-Monitoring for Veterans Whose Data Was Stolen

By DAVID STOUT
Published: June 21, 2006
http://www.nytimes.com/2006/06/21/washington/21cnd-vets.html?_r=1&hp&ex=1150948800&en=52cf230ddd4c791f&ei=5094&partner=homepage&oref=slogin

WASHINGTON, June 21 — The Department of Veterans Affairs said today that it would provide a year of free credit-monitoring for people whose personal information might have been compromised in the recent theft of department computer data.

Secretary R. James Nicholson said his department would solicit bids from monitoring companies and would send letters by mid-August to those who might have been affected by the data loss, which occurred on May 3 when the home of a department data analyst was burglarized.

Mr. Nicholson said the free credit-monitoring was part of his agency's attempt to atone for the "terrible, unfortunate, regrettable" data loss that appears certain to cost taxpayers well over $20 million. "Free credit-monitoring will help safeguard those who may be affected and will provide them with the peace of mind they deserve," he said.

Mr. Nicholson said his department would also retain a company to look for possible misuse of the stolen data by pinpointing suspicious use of identity information. So far, he emphasized at a news briefing, there have been no indications that any of the stolen information has been misused — nor any sign of progress in recovering it.

The data were on a laptop computer and detachable hard drive that the department analyst took home without authorization. Although the police in Montgomery County, Md., have said the burglars were probably interested in the computer, rather than any data on it, there has been widespread concern that the data could be used for credit-card fraud and other crimes associated with identity theft.

The data include names, dates of birth and Social Security numbers for millions of people — although just how many has not always been clear. At first, the veterans agency said information on about 26.5 million veterans was affected. Then it said the 26.5 million included active-duty people as well as veterans.

The agency said today that only about 17.5 million people were at risk, and that the earlier, higher estimate had not taken into account deaths and duplication among records. (People who fear they may be affected by the theft can log on to www.firstgov.gov for more information.)

Mr. Nicholson said his department had spent about $7 million sending warning letters to people who might be affected and another $7 million to operate a telephone call-in center. It will probably spend another $7 million on letters describing the credit-monitoring service, he said. The secretary did not discuss how much the credit-monitoring and data analysis may cost.

Mr. Nicholson said the fate of the data analyst whose house was burglarized has yet to be determined. The secretary said he wanted to dismiss him outright but was told he could not because of job-protection rights enjoyed by federal employees. Mr. Nicholson said the employee "was not intending to do harm, we're convinced of that," but still should not work at the department again.

The theft of the data, the disclosure that Mr. Nicholson was not notified by his subordinates for almost two weeks and confusion about the scope of the loss have caused the Department of Veterans Affairs to come under harsh criticism, from veterans and on Capitol Hill. One lawmaker wondered aloud at a recent hearing at the harm caused by "a garden-variety burglary."

Mr. Nicholson, who has been secretary since January 2005, has responded to the episode by forcing out some subordinates and hiring a former Arizona prosecutor, Richard Romley, as a special adviser for information security.

The secretary said a review is under way to ensure that only those department employees needing it have access to sensitive material. He said he was determined to root out complacency and make his department "the gold standard for data security."