IE 11 is not supported. For an optimal experience visit our site on another browser.

VA agrees to settle for $20M for data theft

The Veterans Affairs Department has agreed to pay up to $20 million to veterans for exposing them to possible identity theft in 2006 after losing their sensitive personal information.
/ Source: The Associated Press

The Veterans Affairs Department agreed Tuesday to pay $20 million to veterans for exposing them to possible identity theft in 2006 by losing their sensitive personal information.

In court filings Tuesday, lawyers for the VA and the veterans said they had reached agreement to settle a class-action lawsuit originally filed by five veterans groups alleging invasion of privacy. The money, which will come from the U.S. Treasury, will be used to pay veterans who can show they suffered actual harm, such as physical symptoms of emotional distress or expenses incurred for credit monitoring.

U.S. District Judge James Robertson in Washington must approve the terms of the settlement before it becomes final.

"This settlement means the VA is finally accepting full responsibility for a huge problem that continues to worry millions of veterans, retirees, service members and families," said Joe Davis, spokesman for Veterans of Foreign Wars, which was not involved in the lawsuit.

VA spokesman Phil Budahn said: "We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran."

The lawsuit came after a VA data analyst in 2006 admitted that he had lost a laptop and external drive containing the names, birth dates and Social Security numbers of up to 26.5 million veterans and active-duty troops.

The laptop was later recovered intact, but a blistering report by the VA inspector general faulted both the data analyst and his supervisors for putting veterans at unreasonable risk. The data analyst had lost the information when his suburban Maryland home was burglarized on May 3, 2006, after taking the data home without permission.

The VA employee promptly notified his superiors, but due to a series of delays, veterans were not told of the theft until nearly three weeks later, on May 22. Then-VA Secretary James Nicholson later said he was "mad as hell" that he wasn't immediately told about the burglary.

According to the proposed settlement, veterans who show harm from the data theft will be able to receive payments ranging from $75 to $1,500. If any of the $20 million is left over after making payments, the remainder would be donated to veterans' charities agreed to by the parties, such as the Fisher House Foundation Inc. and The Intrepid Fallen Heroes Fund.

Attorneys for the veterans groups said notices about the proposed settlement will be published in magazines and newspapers around the country, with a toll-free number and other contact information for veterans.

Five veterans groups filed a class-action lawsuit in June 2006 in U.S. District Court in Washington on behalf of all veterans, seeking $1,000 in damages for every veteran whose information was compromised in the computer theft.

"This is a very positive result," said Douglas J. Rosinski, an attorney representing the veterans groups. "A lot of hard work went into finding a resolution that all the parties could be proud to say they were a part of bringing about."