Data on 26.5 million veterans stolen from home

[SEATJERKER]

...

...This is the worst breech of confidentialities that could happen for what could be "of those that served",...

...after 75, or 95, none the less, or before , or after any year, not one 'trace' element of info on any 'Veteran" should ever hit the market, and credit report/guard for life should be in order,...

...

[Arrow]

were in PDF form no less. For those that don't have an Adobe Reader here ya go.

Just myway of thinkin'but the last thing I'd ever believe someone lookin' to rob me wouldgrab up is acomputer disk; unless that disk was the target.


VA's Notification Letter to Veterans
Dear Veteran:

The Department of Veterans Affairs (VA) has recently learned that an employee took home electronic data from the VA, which he was not authorized to do and was infviolation of established policies. The employee?s home was burglarized and this data was stolen.

The data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. As a result of this incident, information identifiable with you was potentially exposed to others. It is important to note that the affected data did not include any of VA?s electronic health records or any financial information.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General?s office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they possess or of how to make use of it.

Out of an abundance of caution, however, VA is taking all possible steps to protect and inform our veterans. While you do not need to take any action unless you are aware of suspicious activity regarding your personal information, there are many steps you may take to protect against possible identity theft and we wanted you to be aware of these. Specific information is included in the attached question and answer sheet. For additional information, the VA has teamed up the Federal Trade Commission and has a website

(www.firstgov.gov) with information on this matter or you may call 1-800-FED-INFO (1-800-333-4636).

The call center will operate from 8 a.m. to 9 p.m. (EDT), Monday-Saturday, as long as it is needed.

We apologize for any inconvenience or concern this situation may cause, but we at the VA believe it is important for you to be fully informed of any potential risk resulting from this incident.

Again, we want to reassure you we have no evidence that your protected data has been misused. We will keep you apprised of any further developments. The men and women of the VA take our obligation to honor and serve America?s veterans very seriously and we are committed to seeing this never happens again.

Sincerely,

R. James Nicholson

Secretary of Veterans Affairs

[Arrow]

Frequently Asked Questions

1- I?m a veteran, how can I tell if my information was compromised?

At this point there is no evidence that any missing data has been used illegally. However, the Department of Veterans Affairs is asking all veterans to be extra vigilant and to carefully monitor bank statements, credit card statements and any statements relating to recent financial transactions. If you notice unusual or suspicious activity, you should report it immediately to the financial institution involved and contact the Federal Trade Commission for further guidance.

2- What is the earliest date at which suspicious activity might have occurred due to this data breach?

The information was stolen from an employee of the Department of Veterans Affairs during themonth of May, 2006. If the data has been misused or otherwise used to commit fraud or identity theft crimes, it is likely that veterans may notice suspicious activity during the month of May.

3- I haven?t noticed any suspicious activity in my financial statements, but what can I do to protect myself and prevent being victimized by credit card fraud or identity theft?

The Department of Veterans Affairs strongly recommends that veterans closely monitor their financial statements and visit the Department of Veterans Affairs special website on this,

www.firstgov.gov or call 1-800-FED-INFO (1-800-333-4636).

4- Should I reach out to my financial institutions or will the Department of Veterans Affairs do this for me?

The Department of Veterans Affairs does not believe that it is necessary to contact financial institutions or cancel credit cards and bank accounts, unless you detect suspicious activity.

5- Where should I report suspicious or unusual activity?

The Federal Trade Commission recommends the following four steps if you detect suspicious activity:

Step 1 - Contact the fraud department of one of the three major credit bureaus:

Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, Texas 750132

TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

Step 2 - Close any accounts that have been tampered with or opened fraudulently

Step 3 - File a police report with your local police or the police in the community where the identity theft took place.

Step 4 - File a complaint with the Federal Trade Commission by using the FTC?s Identity Theft Hotline by telephone: 1-877-438-4338, online at www.consumer.gov/idtheft,

or by mail at

Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.

6- I know the Department of Veterans Affairs maintains my health records electronically; was this information also compromised?

No electronic medical records were compromised. The data lost is primarily limited to an individual?s name, date of birth, social security number, in some cases their spouse?s information, as well as some disability ratings. However, this information could still be of potential use to identity thieves and we recommend that all veterans be extra vigilant in monitoring for signs of potential identity theft or misuse of this information.

7- What is the Department of Veterans Affairs doing to insure that this does not happen again?

The Department of Veterans Affairs is working with the President?s Identity Theft Task Force, the Department of Justice and the Federal Trade Commission to investigate this data breach and to develop safeguards against similar incidents. The Department of Veterans Affairs has directed all VA employees complete the "VA Cyber Security Awareness Training Course" and complete the separate "General Employee Privacy Awareness Course" by June 30, 2006. In addition, the Department of Veterans Affairs will immediately be conducting an inventory and review of all current positions requiring access to sensitive VA data and require all employees requiring access to sensitive VA data to undergo an updated National Agency Check and Inquiries (NACI) and/or a Minimum Background Investigation (MBI) depending on the level of access required by the responsibilities associated with their position. Appropriate law enforcement agencies, including the Federal Bureau of Investigation and the Inspector General of the Department of Veterans Affairs, have launched full-scale investigations into this matter.

8- Where can I get further, up-to-date information?

The Department of Veterans Affairs has set up a special website and a toll-free telephone

number for veterans which features up-to-date news and information. Please visit

www.firstgov.gov or call 1-800-FED-INFO (333-4636).

[MORTARDUDE]

Since I spent all of my time in Information Technology functions with the IRS ( 32 years ), numerous red flags went up for me when this story was posted. Some questions I would like to see answered.

1) Was the accused a career VA employee or contractor.

1A ) If VA, What GS grade ?

2) How long had he worked there ?

3) What was his security clearance ?

4) What was his job description ?

5) How was this discovered ?

6) Are others involved ?

7) What media was involved ? CD ? DVD ? file transfer ? If file transfer, how ?

8) What security measures in place were bypassed ?

9) Any evidence of sale of these records ?

10) How long has this been going on ?

11) What will be done to prevent this in the future ?

12) Has the accused been fired ?

13) What is the possibity that the "theft" did not occur, and is to cover up something ?

[Arrow]

The more I see of government in action, the more I am reduced to simply wanting the government to do 3 things for me:

1. Guard the coast.
2. Deliver the mail.
3. Leave me the hell alone.

Yep!

[Boats]

I'd suggest you contact your bank, credit card folks and any other financial institution where you have money they can access and get them to put a hold on any withdraw's in access of a fixed amount over that increment. I'd also set up a new password of which only you would know.

This is stupid and shows poor judgment on the VA officer's to allow such data to be transported outside of a secure area. Someone will have to go and then government protection will have to be given to the personnel whose records were stolen.

Uncle Sam will just have to pick up the tab for any VA identity losses that come about from this date on. It's their fault not ours.

[Gimpy]

has been presented to the upper mangement of the VA for a while now.


For the past few years the VA inspector general has criticized the Veterans Benefit Administration for lax information security, paticularly concerning the ease with which hackers might penetrate VBA computer systems.


Just as recently as six months ago, in a November 2005 report to Congress written by then acting Inspector General Jon A. Wooditch stated, "VA has not been able to effectively address its significant information security vulnerabilities and reverse the impact of its historically decentralized management approach."


Yet Secretary Nicholson and his cronies STILL sat on their ass and have done absolutely nothing to correct this $hit!

It seems strange that the day after the VDCB vote on SSDI that the data is lost. I wonder if stealing data is part of the SSDI study? Well is it Genral Scott?

[Gimpy]

Robert, this may turn out to be more than meets the 'smell test'!

I wouldn't put ANYTHING past that jerk General Scott and the other radical Commissioner Grady! I met each of them at their 'road show' meeting held in St. Petersburg, FL this past Feburary and can personally confirm they are BOTH arrogant, condescending and unsympathetic to most veterans issues.

I wouldn't give you one ounce of monkey-$hit for EITHER of them!

JUst got this latest info a short while ago regarding the theft of the info from the VA.


###START###


VETS DESERVE BETTER TREATMENT AFTER DATA THEFT
by BOB SULLIVAN---May 23, 2006

It is perhaps the largest theft of Social Security numbers to date. And the victims, who once put their lives on the line for their county, appear to be getting even less compensation than most victims of data theft.

On Monday, the Veterans Administration announced that an employee had taken home data on 26.5 million veterans, and that data was stolen. It's a staggering amount, dwarfing other recent high-profile incidents at major U.S. firms like Citibank, ChoicePoint, and Bank of America. And yet, the support offered to victims by the VA is dwarfed by the support corporate America has offered in similar situations.

It's become standard practice for data leakers to offer free credit monitoring to victims, so they are able to watch their credit reports daily for signs of misuse. The services are available from the credit bureaus, and cost about $10 a month. Corporations that leak data and foot the bill usually get big discounts.

So far, the vets haven't been offered credit monitoring. Instead, the VA is reminding victims that they are entitled to a free copy of their credit report every year, and then basically wishing them good luck.

That's insufficient. For starters, vets who've already gotten their one free peek at credit bureau data this year cannot get a free report at AnnualCreditReport.com ? they have to go through more complicated steps, and might end up paying for it.

Meanwhile, a single peek at their credit report today would probably reveal very little. Fraudulent accounts can take weeks or months to appear, meaning it would be better to take that one peek in a month or two. But even that's a tepid step at best to spy signs of identity theft after a data leak like this.

The only way to know something bad is happening to your credit is to look at it repeatedly, at about the same frequency that you look at your checking account statement. It's hardly a perfect solution and doesn't catch every instance of ID theft, but it's a solid start. Credit monitoring services give consumers that kind of access. ChoicePoint, LexisNexus, and nearly all other commercial entities that have lost data have offered credit monitoring to victims for 3, 6, even 12 months.

The VA should do the same. Anything less is neglectful.

There is hope the veterans' data was stolen by a burglar who simply wanted the hardware, according to the VA. In the best case scenario, the data has already been erased and the hardware pawned at a small shop. But assuming that best case is a bit naive, at a time when virtually every petty thief knows the data on a computer is often far more valuable that a computer itself.

Offering 26 million people a service that retails for $10 a month would obviously be a costly expense for the VA, and might eat into funding for other essential programs. That?s where it?s time for the VA, the Federal Trade Commission, and the credit bureaus to get creative. Hopefully, this incident will serve as a chance to re-examine the entire issue of consumer access to credit reports. Consumers should never have to pay the credit bureaus to see if they are victims of identity theft. Certainly, veterans shouldn't have to. And most certainly, veterans who know their Social Security numbers have been stolen shouldn't have to.

For now, veterans who want more information are being told to call 1-800-FED-INFO. Much more information is available at the FirstGov.Gov Web site. There's also detailed instructions on how to place a temporary fraud alert on credit reports at the Federal Trade Commission's Web site.


------END------

[MORTARDUDE]

I just went to the VA web site to use the "Census 2000 Veteran Data" tables....

( Tennessee Veteran Population by period of service by county )

http://www.va.gov/vetdata/Census2000/pos/TN_pos.pdf

it shows :


77,956 total veterans in Shelby County ( incl. Memphis )

1,083 served in Vietnam era

9,842 no Vietnam era service

10,925 august 1990 or later

8,929 sept. 1980 or later ( no vietnam era service )

913 served prior to sept 1980 ( no vietnam era service )

Anyway that you manipulate these numbers they just don't add up. There have to be more than 1,083 out of almost a million folks in this county who served during the Vietnam era......I can name several hundred without trying too hard.

Shelby County had an estimated population in 2004 of 908,175.

Look up your area and see what you can come up with.

Larry