IGWC Home

To participate in the bulletin board discussion click here

 

http://www.foxnews.com/story/0,2933,196493,00.html

Monday, May 22, 2006

Social Security Numbers for Millions of Veterans Stolen From Senior Official's Home

WASHINGTON  — A computer disk with personal information about millions of U.S. veterans was stolen from the home of a senior Veterans Affairs official, congressional sources said Monday.  

Veterans Affairs Secretary Jim Nicholson and the agency's deputy secretary planned a noon conference call on the stolen information with more details.

The disk contained Social Security numbers, disability ratings and other personal information.

 --------------------------------------------------------------------------------------------------

http://www.foxnews.com/story/0,2933,196492,00.html

Social Security Numbers for Millions of Veterans Stolen From V.A. Official's Home
Monday, May 22, 2006

STORIES LINKS
•NSA Call-Record Data Mining No Surprise to Security Experts
•21-Year-Old Hacker Sentenced to Nearly Five Years in Prison
•Judge: U.S. Rules Enabling Internet Wiretaps 'Gobbledygook'
•Calif. Man Pleads Guilty to Hacking Defense, Hospital Computers
•Have Identity Thieves Got Your Number?
•How Credit-Card Numbers Are Stolen on the Web
•Cybercrime More Widespread, Skillful, Dangerous Than Ever
•Student Soc. Security Numbers Mistakenly E-Mailed

WASHINGTON — Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday.

Click here to read the statement by the Department of Veterans Affairs.

Veterans Affairs Secretary Jim Nicholson said there was no evidence so far that the burglars who struck the employee's home have used the personal data — or even know they have it. The employee, a data analyst whom Nicholson would not identify, has been placed on leave pending a review.

"We have a full-scale investigation," said Nicholson, who said the FBI, local law enforcement and the VA inspector general were investigating. "I want to emphasize, there was no medical records of any veteran and no financial information of any veteran that's been compromised."

"We have decided that we must exercise an abundance of caution and make sure our veterans are aware of this incident," he said in a conference call with reporters.

The theft of veterans' names, Social Security numbers and dates of birth comes as the department has come under criticism for shoddy accounting practices and for falling short on the needs of veterans.

(Story continues below)

Last year, more than 260,000 veterans could not sign up for services because of cost-cutting. Audits also have shown the agency used misleading accounting methods and lacked documentation to prove its claimed savings.

Click here for FOXNews.com's Identity Theft section.

Click here for FOXNews.com's Cybersecurity Center.

Veterans advocates immediately expressed alarm.

"This was a very serious breach of security for American veterans and their families," said Bob Wallace, executive director of Veterans for Foreign Wars. "We want the VA to show leadership, management and accountability for this breach."

Sen. John Kerry, D-Mass., who is a Vietnam veteran, decried the breach and said he would introduce legislation to require the VA to provide credit reports to the veterans affected by the theft.

"This is no way to treat those who have worn the uniform of our country," Kerry said in a statement "Someone needs to be fired, the perpetrators need to be caught and the security system at the VA needs to be massively overhauled."

On Monday, the VA said it was notifying members of Congress and the individual veterans about the burglary. It also set up a call center at 1-800-FED-INFO and Web site, http://www.firstgov.gov if veterans believe their information has been misused.

It also is stepping up its review of procedures for the use of personal data for many of its employees who telecommute as well as others who must sign disclosure forms showing they are aware of federal privacy laws and the consequences if they're violated.

Nicholson declined to comment on the specifics of the incident, which involved a mid-level career employee who had taken the information home to suburban Maryland — on disks, according to congressional sources who were briefed on the incident — to work on a department project.

The residential community had been a target of a series of burglaries and the employee was victimized earlier this month, according to the FBI in Baltimore, which was investigating the incident.

Click here to read the notification letter. (pdf)

The material represents personal data of all living veterans who served and have been discharged since 1976, according to the department. The information was included in the veterans' discharge summary that goes into a government database.


FOXNEWS.COM HOME > NATIONALBACK TO TOP

----------------------------------------------------------------------------------

vetassist
Avatar Image
Sgt.
Member # 451

Member Rated:
4 		Icon 1 posted May 23, 2006 06:06 AM      Profile for vetassist   Author's Homepage   Email vetassist   Send New Private Message       Edit/Delete Post   Reply With Quote 
http://veterans.house.gov/news/109/Notification_Letter.pdf
links to "House Committee on Veterans Affairs"

VA’s Notification letter being sent to Veterans

 
quote:
Dear Veteran:
The Department of Veterans Affairs (VA) has recently learned that an employee
took home electronic data from VA, which he was not authorized to do and was in
violation of established policies. The employee’s home was burglarized and this data was
stolen. The data contained identifying information including names, social security
numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as
some disability ratings. As a result of this incident, information identifiable with you was
potentially exposed to others. It is important to note that the affected data did not include
any of VA’s electronic health records or any financial information.
Appropriate law enforcement agencies, including the FBI and the VA Inspector
General’s office, have launched full-scale investigations into this matter. Authorities
believe it is unlikely the perpetrators targeted the items because of any knowledge of the
data contents. It is possible that they remain unaware of the information which they
possess or of how to make use of it.
Out of an abundance of caution, however, VA is taking all possible steps to
protect and inform our veterans. While you do not need to take any action unless you are
aware of suspicious activity regarding your personal information, there are many steps
you may take to protect against possible identity theft and we wanted you to be aware of
these. Specific information is included in the attached question and answer sheet. For
additional information, VA has teamed up the Federal Trade Commission and has a
website (www.firstgov.gov) with information on this matter or you may call 1-800-FEDINFO
(1-800-333-4636). The call center will operate from 8 a.m. to 9 p.m. (EDT),
Monday-Saturday, as long as it is needed.
We apologize for any inconvenience or concern this situation may cause, but we
at VA believe it is important for you to be fully informed of any potential risk resulting
from this incident. Again, we want to reassure you we have no evidence that your
protected data has been misused. We will keep you apprised of any further developments.
The men and women of VA take our obligation to honor and serve America’s veterans
very seriously and we are committed to seeing this never happens again. Sincerely, R.
James Nicholson Secretary of Veterans Affairs
Sincerely,
R. James Nicholson
Secretary of Veterans Affairs
Thought you might be interested to read the letter being sent to veterans before you get it in the mail. The information available at www.firstgov.gov is the following:

 
quote:
Latest Information on Veterans Affairs Data Security
The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of VA policies. This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General's office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they possess or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.

The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll free number is 1-800-FED INFO (1-800-333-4636). The call center will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed.

Here are some questions you may have about this incident, and their answers.

I'm a veteran. How can I tell if my information was compromised?

At this point there is no evidence that any missing data has been used illegally. However, the Department of Veterans Affairs is asking all veterans to be extra vigilant and to carefully monitor bank statements, credit card statements and any statements relating to recent financial transactions. If you notice unusual or suspicious activity, you should report it immediately to the financial institution involved and contact the Federal Trade Commission for further guidance.

What is the earliest date at which suspicious activity might have occurred due to this data breach?

The information was stolen from an employee of the Department of Veterans Affairs during the month of May 2006. If the data has been misused or otherwise used to commit fraud or identity theft crimes, it is likely that veterans may notice suspicious activity during the month of May.

I haven't noticed any suspicious activity in my financial statements, but what can I do to protect myself and prevent being victimized by credit card fraud or identity theft?

The Department of Veterans Affairs strongly recommends that veterans closely monitor their financial statements and review the guidelines provided on this webpage or call 1-800-FED-INFO (1-800-333-4636).

Should I reach out to my financial institutions or will the Department of Veterans Affairs do this for me?

The Department of Veterans Affairs does not believe that it is necessary to contact financial institutions or cancel credit cards and bank accounts, unless you detect suspicious activity.

Where should I report suspicious or unusual activity?

The Federal Trade Commission recommends the following four steps if you detect suspicious activity:

Step 1 – Contact the fraud department of one of the three major credit bureaus:

Equifax: 1-800-525-6285; www.equifax.com P.O. Box 740241, Atlanta, GA 30374-0241
Experian: 1-888-EXPERIAN (397-3742); www.experian.com P.O. Box 9532, Allen, Texas 75013
TransUnion: 1-800-680-7289; www.transunion.com Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Step 2 – Close any accounts that have been tampered with or opened fraudulently.

Step 3 – File a police report with your local police or the police in the community where the identity theft took place.

Step 4 – File a complaint with the Federal Trade Commission by using the FTC's Identity Theft Hotline by telephone: 1-877-438-4338, online at http://www.consumer.gov/idtheft , or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.

I know the Department of Veterans Affairs maintains my health records electronically; was this information also compromised?

No electronic medical records were compromised. The data lost is primarily limited to an individual's name, date of birth, social security number, in some cases their spouse's information, as well as some disability ratings. However, this information could still be of potential use to identity thieves and we recommend that all veterans be extra vigilant in monitoring for signs of potential identity theft or misuse of this information.

What is the Department of Veterans Affairs doing to insure that this does not happen again?

The Department of Veterans Affairs is working with the President's Identity Theft Task Force, the Department of Justice and the Federal Trade Commission to investigate this data breach and to develop safeguards against similar incidents. The Department of Veterans Affairs has directed all VA employees complete the "VA Cyber Security Awareness Training Course" and complete the separate "General Employee Privacy Awareness Course" by June 30, 2006. In addition, the Department of Veterans Affairs will immediately be conducting an inventory and review of all current positions requiring access to sensitive VA data and require all employees requiring access to sensitive VA data to undergo an updated National Agency Check and Inquiries (NACI) and/or a Minimum Background Investigation (MBI) depending on the level of access required by the responsibilities associated with their position. Appropriate law enforcement agencies, including the Federal Bureau of Investigation and the Inspector General of the Department of Veterans Affairs, have launched full-scale investigations into this matter.

Where can I get further, up-to-date information?

The Department of Veterans Affairs has set up a special website and a toll-free telephone number for veterans that features up-to-date news and information. Please check this webpage for further updates or call 1-800-FED-INFO (1-800-333-4636).
This seems very limited to me but it is what is posted at http://www.firstgov.gov

--------------------
http://vetassist.blogspot.com
Live simply. Love generously.
Care deeply, Speak kindly.
Leave the rest to God.
 

--------------------------------------------------------------------------------

Gale
Avatar Image
Admin IGWC
Member # 4

Member Rated:
5 		Icon 1 posted May 23, 2006 01:20 PM      Profile for Gale   Email Gale   Send New Private Message       Edit/Delete Post   Reply With Quote 
Email forwarded from Lisa Bogle (DAV). --Gale


M E M O R A N D U M

TO: Action E-List


FROM: David W. Gorman, Executive Director, Washington Headquarters

SUBJ: DEPARTMENT OF VETERANS AFFAIRS DATA THEFT

DATE: May 23, 2006

I have included links below to vital information about the reported theft of personal information, including Social Security numbers and birth dates, of some 26.5 million veterans resulting from a serious lapse in Department of Veterans Affairs (VA) security and privacy protection policies and procedures. Every veteran should stay alert to potential misuse of the stolen information by monitoring credit reports and financial statements.

The VA has set up a call center at 1-800-333-4636. Information can also be accessed on the web using the following links: http://www.firstgov.gov/veteransinfo.shtml  www.va.gov/opa  and http://www.dav.org/news/news_20060522.html

If you detect suspicious activity regarding your credit card or bank account, the Federal Trade Commission recommends you take the following four steps:

Step 1: Contact the fraud department of one of the three major credit bureaus:
• Equifax: 1-800-525-6285; www.equifax.com P.O. Box 740241, Atlanta, GA 30374-0241
• Experian: 1-888-EXPERIAN (397-3742); www.experian.com P.O. Box 9532, Allen, TX 75013
• TransUnion: 1-800-680-7289; www.transunion.com Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790.

Step 2: Close any accounts that have been tampered with or opened fraudulently.

Step 3: File a police report with your local police or the police in the community where the identity theft took place.

Step 4: File a complaint with the Federal Trade Commission (FTC) by using the FTC’s Identity Theft Hotline by telephone: 1-877-438-4338, online at www.consumer.gov/idtheft or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, D.C. 20580.

As of this date, the DAV has written Secretary of Veterans Affairs R. James Nicholson to demand the immediate termination of the VA employee who took the stolen electronic data home with him in the first place and that the Department take urgent corrective action to safeguard the personal information of our nation’s veterans.

I hope this information is helpful to you.