redtape.msnbc.com Posted: Monday, May 22 at 03:14 pm CT by Bob Sullivan
It is perhaps the largest theft of Social Security numbers to date. And the victims, who once put their lives on the line for their country, appear to be getting even less compensation than most victims of data theft.
On Monday, the Veterans Administration announced that an employee had taken home data on 26.5 million veterans, and that data was stolen. It's a staggering amount, dwarfing other recent high-profile incidents at major U.S. firms like Citibank, ChoicePoint, and Bank of America. And yet, the support offered to victims by the VA is dwarfed by the support corporate America has offered in similar situations.
It's become standard practice for data leakers to offer free credit monitoring to victims, so they are able to watch their credit reports daily for signs of misuse. The services are available from the credit bureaus, and cost about $10 a month. Corporations that leak data and foot the bill usually get big discounts.
So far, the vets haven't been offered credit monitoring. Instead, the VA is reminding victims that they are entitled to a free copy of their credit report every year, and then basically wishing them good luck.
That's insufficient. For starters, vets who've already gotten their one free peek at credit bureau data this year cannot get a free report at AnnualCreditReport.com – they have to go through more complicated steps, and might end up paying for it.
Meanwhile, a single peek at their credit report today would probably reveal very little. Fraudulent accounts can take weeks or months to appear, meaning it would be better to take that one peek in a month or two. But even that's a tepid step at best to spy signs of identity theft after a data leak like this.
The only way to know something bad is happening to your credit is to look at it repeatedly, at about the same frequency that you look at your checking account statement. It's hardly a perfect solution and doesn't catch every instance of ID theft, but it's a solid start. Credit monitoring services give consumers that kind of access. ChoicePoint, LexisNexus, and nearly all other commercial entities that have lost data have offered credit monitoring to victims for 3, 6, even 12 months.
The VA should do the same. Anything less is neglectful.
There is hope the veterans' data was stolen by a burglar who simply wanted the hardware, according to the VA. In the best case scenario, the data has already been erased and the hardware pawned at a small shop. But assuming that best case is a bit naive, at a time when virtually every petty thief knows the data on a computer is often far more valuable that a computer itself.
Offering 26 million people a service that retails for $10 a month would obviously be a costly expense for the VA, and might eat into funding for other essential programs. That’s where it’s time for the VA, the Federal Trade Commission, and the credit bureaus to get creative. Hopefully, this incident will serve as a chance to re-examine the entire issue of consumer access to credit reports. Consumers should never have to pay the credit bureaus to see if they are victims of identity theft. Certainly, veterans shouldn't have to. And most certainly, veterans who know their Social Security numbers have been stolen shouldn't have to.
For now, veterans who want more information are being told to call 1-800-FED-INFO. Much more information is available at the FirstGov.Gov Web site. There's also detailed instructions on how to place a temporary fraud alert on credit reports at the Federal Trade Commission's Web site.
UPDATE: Theft of vets' data kept secret for 19 days Social Security numbers of 26 million-plus veterans stolen
Tuesday, May 23, 2006; Posted: 3:34 p.m. EDT (19:34 GMT)
WASHINGTON (CNN) -- Authorities waited almost three weeks to alert the public that personal data on more than 26 million U.S. veterans had fallen into the hands of thieves, a government source said Tuesday.
The data were on a laptop and external drive stolen May 3 in an apparent random burglary from the Montgomery County, Maryland, home of a Department of Veterans Affairs computer analyst, said the government source, who has been briefed on the issue.
The government did not immediately announce the theft because officials had hoped to catch the culprits and did not want to tip them off about what they had stolen for fear they would sell it, the government source said.
On Monday, officials abandoned that plan and alerted the public.
Attorney General Alberto Gonzales said Tuesday that his department acted quickly.
"As soon as we were notified of the problem, we sprang into action," he said. "I'm focusing on what we can do moving forward to successfully conclude this investigation. Specific questions about what may have happened before, I'll refer to the VA."
The computer disk contained the names, Social Security numbers and birth dates of every living veteran from 1975 to the present, Veterans Affairs Secretary Jim Nicholson said Monday.
Nicholson told reporters that the FBI and the department's inspector general are investigating the matter.
Nicholson and Gonzales said there was no indication that the information has been misused.
The missing data do not include health records or financial information, the department said. They do include some disability ratings and data on some veterans' spouses. (Watch the implications of the security breach -- 2:23)
Nicholson said the analyst has been placed on administrative leave during the investigation but that no "ulterior motive" is suspected. The analyst is a longtime department employee but was not authorized to take the information home, he said.
Nicholson disclosed few details about the theft, citing the investigation. But he told CNN earlier, "We think that it wasn't a targeted burglary.
"They weren't after this [data]," he said. "There's a pattern of these kind of burglaries in this neighborhood."
But the missing information could be gold for electronic identity thieves, who operate hundreds of Internet sites where personal information is bought and sold.
"It's a pretty dire situation," said Rutrell Yasin, technology editor of Federal Computer Week, which covers computer and information technology issues in the federal government. "You have to hope that information is not in the hands of people who know what to do with it."
Yasin said the theft should be a wake-up call to federal agencies.
"They should certainly have the necessary security on their computers, secure communications links that would protect personal data," Yasin said.
Gonzales and Deborah Platt Majoras, chairwoman of the Federal Trade Commission, lead the Bush administration's identity theft task force. Gonzales vowed federal prosecutors would have "zero tolerance" for anyone implicated in trafficking in veterans' personal data.
"We have no reason to believe at this time that the identity of these veterans have been compromised," he said. "But we feel an obligation to alert veterans so that they can take the appropriate steps to protect this information."
The VA sent a letter to veterans informing them of the stolen data. Anyone with questions can contact the agency at (800) 333-4636 or through the federal government's Web portal, www.firstgov.gov.
The FBI said its Baltimore, Maryland, field office is investigating, and Gonzales said the bureau was working in conjunction with local authorities.
Nicholson vowed to take steps to ensure such a mistake is not repeated, including mandatory security training in the next month for all employees with access to private information.
Lawmakers cite concerns Lawmakers also expressed concerns about the stolen data.
Sen. Larry Craig, chairman of the Senate Committee on Veterans' Affairs, said Monday that all veterans should be "vigilant" in monitoring their financial information for suspicious activity.
"I've got to ask -- and certainly I have to ask it of not only the VA but all of government -- why can a data analyst take all of this information home?" the Idaho Republican said. "That's a breach of security -- in today's concern about ID theft -- that is huge.
"Of course, I think it awakened the secretary to the vulnerability within his own organization, and that's true, I would guess, across government."
Rep. Steve Buyer, Craig's counterpart in the House, said he is "deeply concerned."
"I expect VA's inspector general and the FBI to work closely together so that we can identify and eliminate the flaws that allowed this leak and prosecute any criminal acts," the Indiana Republican said in a written statement.
"I know that VA is taking steps to notify veterans and provide help on consumer identity protection. The committee will examine this incident in the context of previous data compromises, to ensure that veterans' information is safeguarded."
CNN's Terry Frieden, John King and Marsha Walton contributed to this report.
Market Data 
Markets 
AI
