Personal data on 2.2 million troops stolen
WASHINGTON (Reuters) - Personal information on about 2.2 million active-duty,
National Guard and Reserve troops was stolen last month from a government employee's house, officials said on Tuesday in the
latest revelation of a widening scandal.
VA Secretary Jim Nicholson said the agency was mistaken when it said over
the weekend that up to 50,000 Navy and National Guard personnel — and no other active-duty personnel — were affected
by the May 3 burglary.
In fact, names, birth dates and Social Security numbers of as many as 1.1 million active-duty personnel from all the
armed forces — or 80 percent of all active-duty members — are believed to have been included, along with 430,000
members of the National Guard, and 645,000 members of the Reserves.
"VA remains committed to providing updates on this incident as new information
is learned," Nicholson said in a statement, explaining that it discovered the larger numbers after the VA and Pentagon compared their electronic files more closely.
His announcement came shortly after the Pentagon distributed a briefing
memo to Congress — obtained by The Associated Press — that said the 50,000 figure cited over the weekend was understated.
The disclosure is the latest in a series of revisions by the government
as to who was affected since publicizing the burglary on May 22. At the time, the VA said the stolen data involved up to 26.5
million veterans discharged since 1975, as well as some of their spouses.
It also came as a coalition of veterans' groups charged in a lawsuit against
the federal government Tuesday that their privacy rights were violated by the theft. The class-action lawsuit, filed in U.S.
District Court in Washington, is the second suit since the VA disclosed the burglary two weeks ago.
Veterans advocates immediately expressed outrage.
"The magnitude of this data breach is simply breathtaking and overwhelming,"
said Rep. Lane Evans, D-Ill., the top Democrat on the House Veterans'
Affairs Committee. He called on the Government Accountability Office, Congress' investigative arm, to launch an investigation and get a
"Instead of continuing to eke out the information, drip by drip, on an almost
daily basis, adding to the list of those whose personal information is at risk, the Department of Veterans Affairs must get to the bottom of this now, fix the problem and put veterans'
minds at ease," he said.
Joe Davis, a spokesman for Veterans of Foreign Wars, said the VA must come
clean after three weeks of "this debacle."
"This confirms the VFW's worst fear from day one — that the loss of
data encompasses every single person who did wear the uniform and does wear the uniform today," he said.
In the VA statement, Nicholson said the total number of military personnel
affected by the theft — 26.5 million — remains unchanged.
The VA initially assumed its data would only include veterans, but upon
closer investigation it realized it had records for active-duty personnel because they are eligible to receive certain VA
benefits such as GI Bill educational assistance and the home loan guarantee program.
The VA previously has said that veterans discharged before 1975 might also
be affected if they submitted claims.
The lawsuit filed Tuesday demands that the VA fully disclose which military
personnel are affected by the data theft and seeks $1,000 in damages for each person — up to $26.5 billion total. The
veterans are also seeking a court order barring VA employees from using sensitive data until independent experts determine
"VA arrogantly compounded its disregard for veterans' privacy rights by
recklessly failing to make even the most rudimentary effort to safeguard this trove of the personally identifiable information
from unauthorized disclosure," the complaint says.
In response to the lawsuit, the VA said it is in discussions with credit-monitoring
services to determine "how veterans and others potentially affected can best be served" in the aftermath of the theft, said
spokesman Matt Burns.
Maryland authorities, meanwhile, announced they were offering a $50,000
reward for information leading to the return of the laptop or media drive taken during the May 3 burglary at a VA data analyst's
home in Aspen Hill, Md.
Veterans groups have criticized the VA for a three-week delay in publicizing
the burglary. The VA initially disclosed the burglary May 22, saying it involved the names, birth dates and Social Security
numbers — and in some cases, disability codes — of veterans discharged since 1975.
Since then, it also has acknowledged after an internal investigation that
the data could also include phone numbers and addresses of those veterans.
There have been no reports that the stolen data have been used for identity
theft in what has become one of the nation's largest security breaches.
On Tuesday, the Montgomery County, Md., police department stepped up efforts
to apprehend the burglars, asking the public to contact authorities if they recently purchased a used Hewlett-Packard laptop
or HP external drive.
Anyone who purchased a used Hewlett Packard Laptop model zv5360us or HP
external personal media drive after May 3 was asked to call Montgomery County Crime Solvers at 1-866-411-TIPS (8477). Anyone
with the stolen equipment can turn it in anonymously and become eligible for the $50,000 reward, police said.
The five veterans' groups involved in the lawsuit are Citizen Soldier in
New York; National Gulf War Resource Center in Kansas City; Radiated Veterans of America in Carson
City, Nev.; Veterans for Peace in St. Louis; and Vietnam Veterans of America in Silver Spring, Md.
Separately, a Democratic activist also has sued the VA in federal court