Congressmen blast VA for electronic security practices
May 26, 2006
WASHINGTON — Members of Congress on Thursday strongly criticized the Veterans Affairs Department for its electronic security practices and for betraying veterans’ trust following the theft of personal data files of 26.5 million retired military personnel and their spouses.
“This isn’t just the issue of one low-level employee,” said House Veterans Affairs Chairman Steve Buyer, R-Ind. “There is very serious mismanagement of information technology at every stage.”
Department officials testified that veterans’ names, dates of birth, Social Security numbers and some disability information were taken during a burglary at a VA employee’s Maryland home on May 3.
So far investigators have not seen any evidence that the data has been used in identity theft crimes, but the department has warned all of the affected veterans — everyone discharged between 1975 and April 2006, plus about 7 million older veterans and some spouses — should be on the lookout for suspicious activity.
VA secretary Jim Nicholson testified that he was not personally informed of the theft until May 16, even though agency supervisors knew of the potential problem as early as May 4. The department made its first public announcement about the missing data on May 22.
“I will not tolerate inaction or poor judgment when it comes to protecting our veterans,” he said, adding that he already has several employees and supervisors involved “in his sights.”
But House Democrats said targeting low-level workers in this case alone won’t solve the VA’s systemic problems. They pointed to years of federal reports and reprimands for the VA over the issue of cybersecurity, and accused Nicholson of indifference to the issue even now.
“The most dramatic way you could actually take responsibility for this management debacle would be for you to resign now,” said Rep. Bob Filner, D-Calif.
Filner became even more exasperated after Nicholson commented that informing all of the affected veterans will take time, because “right now we can’t even get a hold of 26.5 million envelopes.”
The VA inspector general reported Thursday that the employee who was robbed, a data analyst who has worked at the VA for 30 years, was working on telephone polling management and routinely took the sensitive data home, in violation of department guidelines.
They also noted federal investigators weren’t brought into the case until more than a week after the theft, because of a sluggish response from the employee’s supervisors.
“I can’t explain these lapses in judgment on behalf of my people,” Nicholson told the Senate Veterans Affairs Committee. “I’m so damn mad at the loss of this data and the fact that one person could put all of us (veterans) at risk.”
“It’s painfully evident we have a great deal to do.”
Nicholson told both chambers he could not say whether his department would pay for additional credit monitoring for veterans, or for legal representation if individuals are forced to go after criminals who have stolen their identities.
He also had no comment on Buyer’s idea to issue a $1 million award for any information leading to the recovery of the missing data.
“We’re talking about spending far more to fix this,” Buyer said.
Nicholson said the department will issue new guidelines on the use of veterans’ personal data files by the end of June, and is reviewing how many employees can obtain the data and whether they should retain that access.
“We know virtually nothing about who has access to that information,” he told the members of Congress, noting that many VA employees telecommute and routinely use unsecured computers. “Some of them haven’t had a background check in 32 years.”
Protect your identity
The Department of Veterans Affairs is encouraging veterans whose personal information may have been compromised to monitor their financial accounts. The department will provide assistance to veterans calling (800) 333-4636, and through the Web site www.firstgov.gov.
They are also recommending that the affected veterans place a fraud alert on their credit file through one of the three major credit services:
Equifax, 877-478-7625 or www.equifax.com;
Experian, 888-397-3742; www.experian.com;
TransUnion, 800-680-7289; www.transunion.com.
All affected veterans will also receive a letter from the department explaining the theft and the investigation.
— Leo Shane III