Data on 26 million veterans stolen from home
Burglary appears to be random, says Veterans Affairs secretary

Monday, May 22, 2006; Posted: 5:46 p.m.


Department of Veterans Affairs

(800) FED-INFO
YOUR E-MAIL ALERTS

Department of Veterans Affairs
Theft

Manage Alerts | What Is This? WASHINGTON (CNN) -- Personal information on 26.5 million veterans was stolen from the home of a data analyst in what appears to have been a random burglary, Veterans Affairs Secretary Jim Nicholson said Monday.

The computer records include names, Social Security numbers and dates of birth, Nicholson said. The Department of Veterans Affairs disclosed the theft Monday and said it has seen no indication that the information has been misused.

The missing data does not include health records or financial information, the department said. It does include some disability ratings and data on some veterans' spouses.

The VA would not identify the employee who was robbed or the location of the home, and would say only that the burglary happened this month.

Nicholson disclosed few details about the theft, citing an investigation by his department's inspector general and the FBI. But he said, "We think that it wasn't a targeted burglary."

"They weren't after this [data]," he told CNN. "There's a pattern of these kind of burglaries in this neighborhood."

The analyst took the data home without authorization, Nicholson said. Department spokesman Matt Burns said the employee has been put on administrative leave while the investigation is conducted.

Nicholson said the theft is "disturbing," but that there is no immediate reason for veterans to believe "anything unsavory is going on."

But the missing information can be gold for electronic identity thieves, who operate hundreds of Internet sites where personal information is bought and sold.

"It's a pretty dire situation," said Rutrell Yasin, technology editor of Federal Computer Week, which covers computer and information technology issues in the federal government. "You have to hope that information is not in the hands of people who know what to do with it."

Yasin said the incident should be a wake-up call to federal agencies.

"They should certainly have the necessary security on their computers, secure communications links that would protect personal data," Yasin told CNN.

The VA sent a letter to veterans informing them of the stolen data. Anyone with questions can contact the agency at 1-800-333-4636 or through the federal government's Web portal, www.firstgov.gov.

The department said Nicholson has briefed Attorney General Alberto Gonzales and Deborah Platt Majoras, the chairwoman of the Federal Trade Commission. Gonzales and Majoras lead the Bush administration's identity theft task force.

Hearings vowed
Several members of Congress expressed concerns about the incident.

Sen. Larry Craig, chairman of the Veterans Affairs Committee, said Monday that all veterans should be "vigilant" in monitoring their own financial information for suspicious activity.

"I've got to ask -- and certainly I have to ask it of not only the VA but all of government -- why can a data analyst take all of this information home?" the Idaho Republican told CNN. "That's a breach of security -- in today's concern about ID theft -- that is huge.

"Of course, I think it awakened the secretary to the vulnerability within his own organization, and that's true, I would guess, across government," he said.

Craig said authorities were still not certain whether the burglary was targeted or random, and he promised hearings "at the appropriate time."

"This is something now that really deserves our overview and a review by all of government as it relates to this kind of information and how it is being handled," he said.

Rep. Steve Buyer, Craig's counterpart in the House, said he is "deeply concerned" by the stolen data.

"I expect VA's inspector general and the FBI to work closely together so that we can identify and eliminate the flaws that allowed this leak and prosecute any criminal acts," the Indiana Republican said in a written statement.

"I know that VA is taking steps to notify veterans and provide help on consumer identity protection. The committee will examine this incident in the context of previous data compromises, to ensure that veterans' information is safeguarded," he said.

CNN's Marsha Walton contributed to this report.