Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday.
Veterans Affairs Secretary Jim Nicholson said there was no evidence so far that the burglars who struck the employee's home have used the personal data — or even know they have it. The employee, a data analyst whom Nicholson would not identify, has been placed on leave pending a review.
"We have a full-scale investigation," said Nicholson, who said the FBI, local law enforcement and the VA inspector general were investigating. "I want to emphasize, there was no medical records of any veteran and no financial information of any veteran that's been compromised."
"We have decided that we must exercise an abundance of caution and make sure our veterans are aware of this incident," he said in a conference call with reporters.
The theft of veterans' names, Social Security numbers and dates of birth comes as the department has come under criticism for shoddy accounting practices and for falling short on the needs of veterans.
Last year, more than 260,000 veterans could not sign up for services because of cost-cutting. Audits also have shown the agency used misleading accounting methods and lacked documentation to prove its claimed savings.
Veterans advocates immediately expressed alarm.
"This was a very serious breach of security for American veterans and their families," said Bob Wallace, executive director of Veterans for Foreign Wars. "We want the VA to show leadership, management and accountability for this breach."
Sen. John Kerry, D-Mass., who is a Vietnam veteran, decried the breach and said he would introduce legislation to require the VA to provide credit reports to the veterans affected by the theft.
"This is no way to treat those who have worn the uniform of our country," Kerry said in a statement "Someone needs to be fired, the perpetrators need to be caught and the security system at the VA needs to be massively overhauled."
On Monday, the VA said it was notifying members of Congress and the individual veterans about the burglary. It also set up a call center at 1-800-FED-INFO and Web site, http://www.firstgov.gov, if veterans believe their information has been misused.
It also is stepping up its review of procedures for the use of personal data for many of its employees who telecommute as well as others who must sign disclosure forms showing they are aware of federal privacy laws and the consequences if they're violated.
Nicholson declined to comment on the specifics of the incident, which involved a mid-level career employee who had taken the information home to suburban Maryland — on disks, according to congressional sources who were briefed on the incident — to work on a department project.
The residential community had been a target of a series of burglaries and the employee was victimized earlier this month, according to the FBI in Baltimore, which was investigating the incident.
The material represents personal data of all living veterans who served and have been discharged since 1976, according to the department. The information was included in the veterans' discharge summary that goes into a government database.