VA: Data for 38,000 veterans missing
Latest security breach could put vets at risk of identity theft
Monday, August 7, 2006; Posted: 8:17 p.m. EDT (00:17 GMT)
Secretary Jim Nicholson says the VA doesn't know what happened to the
WASHINGTON (AP) -- As many as 38,000 veterans may be at risk of identity
theft because a Veterans Affairs Department subcontractor lost a desktop
computer containing their sensitive personal data.
VA Secretary Jim Nicholson said that Unisys Corp., a subcontractor hired to
assist in insurance collections for VA medical centers in Philadelphia and
Pittsburgh, Pennsylvania, reported the missing computer last Thursday. The
computer was being used in Unisys offices in Reston, Virginia.
It is not yet known what happened to the computer, Nicholson said, adding
that local and federal authorities are investigating.
The computer is believed to contain names, addresses, Social Security
numbers, dates of birth, insurance carriers and claims data including
medical information for veterans who received care at the hospitals in
Philadelphia and Pittsburgh during the past four years.
According to initial estimates, the data covered about 5,000 patients
treated at Philadelphia, 11,000 treated at Pittsburgh and 2,000 deceased
patients. The VA is investigating whether the information also may have
covered 20,000 who received care through the Pittsburgh medical center.
Ted Davies, a managing partner at Unisys, said a company employee who
regularly used the desktop computer reported it missing July 31. Company
officials then scoured the building three times and sought to determine what
data was lost before reporting it to the VA last Thursday.
The computer was located in a building with security guards and on a floor
where security cards are required for access, and there were no signs of
break-in, he said. The computer was password protected, but the data was not
"This is a high priority for our company to determine what happened," Davies
String of data breaches
The disclosure comes after a string of recent data breaches at the VA,
including the May 3 theft of 26.5 million veterans' personal data from a VA
employee's home in suburban Maryland. The laptop and external drive
containing that information has since been recovered, and two teens were
arrested Saturday as part of what appeared to be a routine burglary.
In recent weeks, the VA has also acknowledged losing sensitive data for more
than 16,000 veterans in at least two other cases in Minneapolis, Minnesota,
and Indianapolis, Indiana.
Nicholson said in a statement Monday that the VA was working with Unisys to
notify those veterans affected and to provide credit monitoring if
"VA is making progress to reform its information technology and cyber
security procedures, but this report of a missing computer at a
subcontractor's secure building underscores the complexity of the work
ahead," Nicholson said.
Lawmakers were critical of the VA. Rep. Lane Evans of Illinois, the top
Democrat on the House Veterans' Affairs Committee, called the latest data
breach "yet another wake-up call."
"Today's announcement by the VA that sensitive personal information of
veterans was compromised by a VA subcontractor last week confirms that the
VA must move quickly to protect the information it maintains on veterans and
their families," Evans said.
"I am absolutely appalled that another computer containing the personal
information of veterans has gone missing," said Sen. Rick Santorum, a
Pennsylvania Republican. "Those responsible must be held accountable, and
the VA clearly needs to do a better job of overseeing its contracting