America's veterans were sent scrambling for their credit reports Monday, as the Veteran's administration announced nearly all of them — and some of their family members — were at heightened risk for identity theft.
A long-time analyst at the massive federal agency was blamed for the theft of 26.5 million Social Security numbers after he took home sensitive data and his home was burglarized, the agency said. Now the VA is sending letters to every living veteran and some of their spouses with the bad news.
The stolen data included names, Social Security numbers, dates of birth and numerical disability ratings. No medical records or financial information had been compromised, Veterans Affairs Secretary Jim Nicholson said.
The theft occurred in May, but the agency released few additional details. It would not say what the analyst was working on that required him to take that much information home.
At a press conference on Monday, neither Nicholson nor Attorney General Alberto Gonzalez would provide additional details about the theft.
"We are working hard with local authorities and with the investigator general of the Veterans Administration to try to find out what has happened here," Gonzalez said. "For law enforcement purposes, it would be helpful not to get into specifics about what happened."
Veterans are being urged to check their credit report for free at AnnualCreditReport.com, and consider placing a fraud alert on their credit files at the nation's three credit bureaus. The Federal Trade Commission has detailed instructions on placing fraud alerts at its Web site.
Norm Magnuson, spokesman for the Consumer Data Industry Association, says the bureaus have been told to prepare for additional inquiries. Veterans looking for additional information can call a toll-free number — 1-800-333-4636 — which is prepared to handle 250,000 calls each day.
But vets who tried that on Monday often found little information was available.
"I just called the hotline number ... and the person answering the phone did not know anything about it," said veteran Jeff Phillips. "I was told that it was not possible to tell me if my info was among the info that was stolen because the data base was so big. I was told to monitor my credit and thank you for calling."
A source familiar with the investigation said the data was originally stored safely on a government-issued computer and password-protected; but the data was then copied by the analyst to a home computer, where it was no longer protected. That home computer was among the items taken during the burglary.
The analyst — described on as a "long-time employee" of the VA — has been placed on administrative leave.
"We have policies and procedures in place and people generally follow them but this individual did not, took this data home to work on it and this very unfortunate outcome has resulted," Nicholson said. The agency will take other steps to prevent against future data breeches. Additional background checks will be completed, and every employee at the agency will receive "cybersecurity awareness training" before the end of June, he said.
Nicholson stressed there was no indication that the stolen information was being used to commit identity theft, and raised the possibility that the thief did not even realize the value of the data on the stolen computer. However, he said every veteran whose information was compromised will be notified as a precaution.
"We must exercise an abundance of caution and make veterans aware," he said.
Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic.