Stolen laptop recovered; FBI says data on veterans wasn’t accessed
WASHINGTON – Social Security numbers and other personal data on 26.5 million veterans and military troops were not copied from a Veterans Affairs computer missing for eight weeks, the FBI said Thursday.The recovery of the laptop and external drive was a “positive note in this very sad saga,” VA Secretary Jim Nicholson said.”This has brought to the light of day some real deficiencies in the manner we handled personal data,” said Nicholson, who made the announcement at a House hearing investigating one of the nation’s worst information data breaches.”If there’s a redeeming part of this, I think we can turn this around,” he said.Burglars stole the computer equipment from a data analyst’s Maryland home on May 3. Law enforcement officials recovered the laptop and hard drive after an informant on Wednesday notified the U.S. Park Police that he had heard about a $50,000 reward and knew where they could be found.The equipment was then turned in to officials in Montgomery County, Md., where the data analyst lives. No suspects were in custody.”I don’t think the person knew the laptop was the laptop,” said Dwight Pettiford, chief of the U.S. Park Police.The FBI, in a statement from its Baltimore field office, said a preliminary review of the equipment by its computer forensic teams “has determined that the data base remains intact and has not been accessed since it was stolen.” More tests were planned.Veterans groups cheered the news but said the government should provide them free credit monitoring to ensure they are fully protected.”The worst-case scenario may have been averted this time, but an even greater tragedy would be if this type incident was allowed to happen again because of complacency,” said Joe Davis, a spokesman for the Veterans of Foreign Wars.John Rowan, president of Vietnam Veterans of America, agreed. “We are pleased and relieved,” he said. “This does not, however, obviate the crisis of confidence in the security of veterans’ personal data and contact information as managed by the VA.”On Wednesday, President Bush asked Congress for $160.5 million to pay for credit monitoring and other fraud protection for affected veterans. He proposed to tap dollars set aside but not used yet for food stamps, student loans and trade assistance for farmers.During the hearing Thursday, Nicholson urged veterans to keep watch over their financial records until more tests are completed in the coming days. But he declined to say whether the VA would ultimately follow through on its plans to offer at least one year of free credit monitoring.The department is actively working to hire a data analysis company to be on the watch for identity theft, but it will await further tests from the FBI to decide on the monitoring, which on average costs $50 to $150 per person each year.”I’m going to reserve judgment on that,” Nicholson said.Newly discovered documents show that the VA analyst blamed for losing the laptop had received permission to work from home with data that included millions of Social Security numbers and other personal information.Rep. Steve Buyer, R-Ind., chairman of the House Veterans Affairs Committee, which was investigating the breach, said he was pleased that veterans may now be able to “breathe a sigh of relief.””However, this will not diminish our oversight,” he said. “We will hold the VA responsible and accountable.”The department said last month it was in the process of firing the data analyst, who is now challenging the dismissal.Rep. Michael Michaud, D-Maine, said he was concerned that the VA was using the data analyst as a “sacrificial lamb to cover up the data-loss problem.””I view this as a leadership failure,” Michaud said. “The data breach is the fault of VA leadership for failure to implement security measures, which time and again has been recommended by the committee.”Nicholson responded that he was not personally aware of the agreements. Tim McClain, the VA’s general counsel, said the Social Security authorization was standard for an employee doing data analysis work.”I can’t comment on a pending action because it is still pending,” McClain said.Under House questioning, the VA also:-Disclosed it had lost sensitive data in at least two other cases. In Minneapolis, a VA employee put a laptop containing data for more than 60 veterans in the trunk of his car, which was then stolen. There have been two reports of identity theft from that incident, according to Buyer.In Indianapolis, a back-up tape containing files on as many as 16,357 legal cases involving veterans was lost from a VA regional office. Nicholson said authorities and the VA inspector general were investigating, and those whose information was lost would be provided credit monitoring.-Said its cybersecurity chief, Pedro Cadenas, had resigned for personal reasons. “I will not be surprised if other people resign,” Nicholson said.—Associated Press writer Stephen Manning in Calverton, Md., contributed to this report.