Link to jump to start of content The Seattle Times Company Jobs Autos Homes Rentals NWsource Classifieds
The Seattle Times Nation & World
Traffic | Weather | Your account Movies | Restaurants | Today's events

Tuesday, May 23, 2006 - Page updated at 12:00 AM


"Enormous" security breach leaves veterans vulnerable to ID theft

The Washington Post

WASHINGTON — As many as 26.5 million veterans were placed at risk of identity theft after intruders stole an electronic data file this month containing their names, birthdates and Social Security numbers from the home of a Veterans Affairs Department employee, VA Secretary Jim Nicholson said Monday.

The burglary occurred May 3 in Wheaton, Md., according to a source with knowledge of the incident who requested anonymity because the matter is under investigation.


Department of Veterans Affairs:, or call 800-FED-INFO (333-4636).


800-525-6285; P.O. Box 740241,

Atlanta, GA 30374-0241


888-EXPERIAN (397-3742);

P.O. Box 9532, Allen, TX 75013

TransUnion:; 800-680-7289;Fraud Victim Assistance Division, P.O. Box 6790,

Fullerton, CA 92834-6790

"In terms of Social Security numbers, it's the biggest breach," said Evan Hendricks, author of the book "Credit Scores & Credit Reports." "As long as you've got that exact Social, most of the time the credit bureaus will disclose your credit report, and that enables the thief to get credit."

A career data analyst, who was not authorized to take the information home, has been put on administrative leave pending the outcome of investigations by the FBI, local police and inspector general of the VA, Nicholson said. He would not identify the employee by name or title.

"They believe this was a random burglary and not targeted at this data," Nicholson said. "There have been a series of burglaries in that community. ... There is no indication at all that any use is being made of this data or even that they know that they have it."

Although publicly revealing the incident might tip off the thieves to the value of their booty, Nicholson said VA officials decided veterans needed to know to monitor their credit scores and credit-card and bank statements.

Nicholson said affected veterans include anyone discharged since 1975 and some of their spouses, as well as some veterans discharged before that who submitted a claim for VA benefits.

The theft represents the biggest unauthorized disclosure ever of personal Social Security data, and could make affected veterans vulnerable to credit-card fraud if the burglars realize the value of their haul, one expert said.

Guarding against identity theft

The Veterans Affairs Department says it is not necessary for veterans to contact financial institutions or cancel credit cards and bank accounts in case of identity theft. Here is what veterans can do to protect themselves:

Be vigilant. Carefully monitor bank and credit-card statements. Report unusual activity immediately to the financial institution involved and contact the Federal Trade Commission.

If you detect suspicious or unusual activity, do the following:

• Contact the fraud department of one of the three major credit bureaus:

• Close any account that has been tampered with or opened fraudulently.

• File a report with your local police department or the police department in the community where the identity theft took place.

• File a complaint with the Federal Trade Commission by using its identity-theft hotline at 877-438-4338, online at, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Ave. NW, Washington, D.C. 20580.

Source: Veterans Affairs

For years, the VA inspector general has criticized the department for lax information-security practices, chiefly concerning the ease with which computer hackers might penetrate VA systems.

Democrats on the House Committee on Veterans Affairs issued a statement calling on the VA to restrict access to sensitive information to essential personnel, and to enforce those restrictions. "It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," the statement said.

Sen. Larry Craig, R-Idaho, chairman of the Senate Committee on Veterans Affairs, said his panel would hold hearings on VA information security.

Nicholson would not discuss specifics of the incident, saying that disclosing details could hurt the investigation. The data did not contain medical records or financial information, but in some cases had disability ratings, he said. "The employee took it home to work with it," Nicholson said. "He was working on a project. ... But he was not authorized to take it home."

The VA plans to send letters to all the veterans notifying them that their personal information has been compromised, Nicholson said.

Identity theft and fraud has become a national problem. Three years ago, federal authorities estimated about 750,000 people fell victim to some identity scam. These days, the estimate is as high as 10 million.

"This is an enormous breach, and because the data was not stored securely, millions of people are at risk," said Ari Schwartz, deputy director of the nonprofit Center for Democracy and Technology, a privacy group.

Copyright © 2006 The Seattle Times Company




More shopping