WASHINGTON – Veterans Affairs officials waited two weeks to call in the FBI to investigate the theft of sensitive personal data, delaying a warning to 26.5 million veterans now at risk in one of the nation’s largest security breaches. Lawmakers from both parties demanded answers.
Burglars struck the suburban Maryland home of the VA data analyst in early May, taking a government-owned laptop and disks containing the names, Social Security numbers and birth dates of veterans discharged since 1975.
But the FBI wasn’t notified until late last week, two law enforcement officials said Tuesday, speaking on condition of anonymity because they were not authorized to talk publicly about the investigation.
“This is a scandal,” said Senate Democratic leader Harry Reid, D-Nev., in a briefing with reporters. “The information was kept from the American public. I would hope that the administration is figuring out a way to find out what happened.”
Sen. Larry Craig, R-Idaho, chairman of the Senate Committee on Veterans Affairs, said his panel would hold an emergency hearing Thursday because “26 million people deserve answers.” VA Secretary Jim Nicholson was expected to testify.
Matthew Burns, a VA spokesman, did not return repeated phone calls seeking comment. In a briefing Monday, Nicholson said the agency was seeking to act promptly to inform veterans by notifying Congress and setting up a call center, 1-800-FED-INFO, and Web site, www.firstgov.gov.
Meanwhile, in a briefing paper to Congress, acting VA inspector general Jon Wooditch said he was closely reviewing the theft from a VA data analyst’s Maryland home, noting that his office had long cautioned that access controls were weak.
The VA disclosed this week that the personal information – mainly from veterans discharged since 1975 – was stolen from a midlevel employee’s home in what appeared to be a routine burglary. The material included the veterans’ Social Security numbers, birth dates and in some cases a disability rating – a score of between 1 to 100 on how disabled a veteran is.
Nicholson has sought to downplay the seriousness of the breach, noting there was no evidence the burglars used the information or even knew they had it. But privacy experts said Tuesday the potential for fraud is significant.
An estimated 3.6 million U.S. households, or three of every 100, reported being victims of identity theft in the last half of 2004, a U.S. Justice Department study found. The VA security breach is second only to a hacking incident last June at CardSystems Solutions in which the accounts of 40 million credit card holders were compromised.