[Infowarrior] - Data on 2.2M Active Troops Stolen From VA

[Richard Forno]

Data on 2.2M Active Troops Stolen From VA
http://apnews.myway.com/article/20060607/D8I32RVO1.html
Jun 6, 9:37 PM (ET)

By HOPE YEN

WASHINGTON (AP) - Personal data on about 2.2 million active-duty military,
Guard and Reserve personnel - not just 50,000 as initially believed - were
among those stolen from a Veterans Affairs employee last month, the
government said Tuesday.

VA Secretary Jim Nicholson said the agency was mistaken when it said over
the weekend that up to 50,000 Navy and National Guard personnel - and no
other active-duty personnel - were affected by the May 3 burglary.

In fact, names, birth dates and Social Security numbers of as many as 1.1
million active-duty personnel from all the armed forces - or 80 percent of
all active-duty members - are believed to have been included, along with
430,000 members of the National Guard, and 645,000 members of the Reserves.

"VA remains committed to providing updates on this incident as new
information is learned," Nicholson said in a statement, explaining that it
discovered the larger numbers after the VA and Pentagon compared their
electronic files more closely.

His announcement came shortly after the Pentagon distributed a briefing memo
to Congress - obtained by The Associated Press - that said the 50,000 figure
cited over the weekend was understated.

The disclosure is the latest in a series of revisions by the government as
to who was affected since publicizing the burglary on May 22. At the time,
the VA said the stolen data involved up to 26.5 million veterans discharged
since 1975, as well as some of their spouses.

It also came as a coalition of veterans' groups charged in a lawsuit against
the federal government Tuesday that their privacy rights were violated by
the theft. The class-action lawsuit, filed in U.S. District Court in
Washington, is the second suit since the VA disclosed the burglary two weeks
ago.

Veterans advocates immediately expressed outrage.

"The magnitude of this data breach is simply breathtaking and overwhelming,"
said Rep. Lane Evans, D-Ill., the top Democrat on the House Veterans'
Affairs Committee. He called on the Government Accountability Office,
Congress' investigative arm, to launch an investigation and get a full
accounting.

"Instead of continuing to eke out the information, drip by drip, on an
almost daily basis, adding to the list of those whose personal information
is at risk, the Department of Veterans Affairs must get to the bottom of
this now, fix the problem and put veterans' minds at ease," he said.

Joe Davis, a spokesman for Veterans of Foreign Wars, said the VA must come
clean after three weeks of "this debacle."

"This confirms the VFW's worst fear from day one - that the loss of data
encompasses every single person who did wear the uniform and does wear the
uniform today," he said.

In the VA statement, Nicholson said the total number of military personnel
affected by the theft - 26.5 million - remains unchanged.

The VA initially assumed its data would only include veterans, but upon
closer investigation it realized it had records for active-duty personnel
because they are eligible to receive certain VA benefits such as GI Bill
educational assistance and the home loan guarantee program.

The VA previously has said that veterans discharged before 1975 might also
be affected if they submitted claims.

The lawsuit filed Tuesday demands that the VA fully disclose which military
personnel are affected by the data theft and seeks $1,000 in damages for
each person - up to $26.5 billion total. The veterans are also seeking a
court order barring VA employees from using sensitive data until independent
experts determine proper safeguards.

"VA arrogantly compounded its disregard for veterans' privacy rights by
recklessly failing to make even the most rudimentary effort to safeguard
this trove of the personally identifiable information from unauthorized
disclosure," the complaint says.

In response to the lawsuit, the VA said it is in discussions with
credit-monitoring services to determine "how veterans and others potentially
affected can best be served" in the aftermath of the theft, said spokesman
Matt Burns.

Maryland authorities, meanwhile, announced they were offering a $50,000
reward for information leading to the return of the laptop or media drive
taken during the May 3 burglary at a VA data analyst's home in Aspen Hill,
Md.

Veterans groups have criticized the VA for a three-week delay in publicizing
the burglary. The VA initially disclosed the burglary May 22, saying it
involved the names, birth dates and Social Security numbers - and in some
cases, disability codes - of veterans discharged since 1975.

Since then, it also has acknowledged after an internal investigation that
the data could also include phone numbers and addresses of those veterans.

There have been no reports that the stolen data have been used for identity
theft in what has become one of the nation's largest security breaches.

On Tuesday, the Montgomery County, Md., police department stepped up efforts
to apprehend the burglars, asking the public to contact authorities if they
recently purchased a used Hewlett-Packard laptop or HP external drive.

Anyone who purchased a used Hewlett Packard Laptop model zv5360us or HP
external personal media drive after May 3 was asked to call Montgomery
County Crime Solvers at 1-866-411-TIPS (8477). Anyone with the stolen
equipment can turn it in anonymously and become eligible for the $50,000
reward, police said.

The five veterans' groups involved in the lawsuit are Citizen Soldier in New
York; National Gulf War Resource Center in Kansas City; Radiated Veterans of
America in Carson City, Nev.; Veterans for Peace in St. Louis; and Vietnam
Veterans of America in Silver Spring, Md.

Separately, a Democratic activist also has sued the VA in federal court in
Cincinnati.