VA memos detail stolen data

VA memos detail stolen data
Records included phone numbers, addresses, documents say.

Published Thursday, June 1, 2006

WASHINGTON (AP) - Personal information on 26.5 million veterans that was stolen from a Veterans Affairs employee this month not only included Social Security numbers and birthdates but in many cases phone numbers and addresses, internal documents show.

Meanwhile, VA Secretary Jim Nicholson said yesterday that he had named a former Arizona prosecutor as a special adviser for information security, a new three-month post that will pinpoint security problems at the VA and develop recommendations for improvements.

The three pages of memos by the VA, written by privacy officer Mark Whitney and distributed to high-level officials shortly after the May 3 burglary, offer new details on the scope of one of the nation’s largest security breaches. The memos were obtained yesterday by The Associated Press.

They show that a file containing 6,744 records pertaining to "mustard gas veterans" - or those who participated in chemical testing programs during World War II - was breached, and that a "short file" with as many as 10 diagnostic codes indicating a veteran’s disability also was stolen.

At the same time, however, the memos suggest that the data might be difficult to retrieve by thieves.

"Given the file format used to store the data, the data may not be easily accessible," said one memo dated May 5 and distributed May 8.

Yesterday, the VA did not say why it didn’t immediately reveal that personal information such as addresses and phone numbers had been disclosed. But the agency said it aggressively sought to protect veterans once Nicholson was informed.

"VA’s initial and primary efforts have focused on notifying the millions of veterans and some spouses whose most sensitive and identifiable information - their names, Social Security numbers, dates of birth, and some disability ratings - may have been compromised," spokesman Matt Burns said.

Some lawmakers yesterday said they were troubled by the new revelations, which go further than what the VA initially reported after publicizing the theft on May 22. At the time, Nicholson said the data was limited to names, Social Security numbers and birthdates; he later indicated that diagnostic codes in some cases also might have been breached.

"It is not appropriate for this information to ever enter the public domain," said Rep. Bob Filner, D-Calif., the top Democrat on the House Veterans’ Affairs Committee, which is planning to hold several additional hearings on data security and veterans’ benefits later this summer.

Veterans groups have criticized the VA for a three-week delay in publicizing the burglary after the theft at a VA data analyst’s Maryland home.

Joe Davis, a spokesman for Veterans of Foreign Wars, said the VA needs to come clean about who exactly is at risk.

"What’s so upsetting and frustrating is the lack of specific details coming from the VA," he said. "We have millions of veterans looking to the VA for answers, including older veterans who may not have Internet access or fully comprehend what this means to them, and younger veterans who will now have to carry this dark cloud with them for the rest of their lives."

Separately, Nicholson said in a statement that he had appointed former Maricopa County Attorney Richard Romley as his new adviser for information security.

Nicholson cited a need for dramatic security changes in the wake of the burglary.