Personal information on 26.5 million veterans that was stolen from a Veterans Affairs employee this month not only included Social Security numbers and birthdates but in many cases phone numbers and addresses, internal documents show.
Meanwhile, VA Secretary Jim Nicholson said Wednesday that he had named a former Arizona prosecutor as a special adviser for information security, a new three-month post that will pinpoint security problems at the VA and develop recommendations for improvements.
The three pages of memos by the VA, written by privacy officer Mark Whitney and distributed to high-level officials shortly after the May 3 burglary, offer new details on the scope of one of the nation's largest security breaches. The memos were obtained Wednesday by The Associated Press.
They show that a file containing 6,744 records pertaining to "mustard gas veterans" — or those who participated in chemical testing programs during World War II — was breached, and that a "short file" with as many as 10 diagnostic codes indicating a veteran's disability also was stolen.
At the same time, however, the memos suggest that the data might be difficult to retrieve by thieves.
"Given the file format used to store the data, the data may not be easily accessible," stated one memo dated May 5 and distributed internally May 8.
A spokesman for the VA did not have immediate comment Wednesday.
Some lawmakers said Wednesday they were troubled by the new revelations, which go further than what the VA initially reported after publicizing the theft on May 22. At the time, VA Secretary Jim Nicholson said the data was limited to Social Security numbers and birthdates; he later indicated that diagnostic codes in some cases also may have been breached.
"It is not appropriate for this information to ever enter the public domain," said Rep. Bob Filner, D-Calif., the top Democrat on the House Veterans' Affairs Committee, which is planning to hold several additional hearings on data security and veterans' benefits later this summer.
Veterans groups have criticized the VA for a three-week delay in publicizing the burglary after the theft at a VA data analyst's Maryland home. During hearings last week, Nicholson said he was "mad as hell" that employees did not notify him of the May 3 burglary until May 16.
Joe Davis, a spokesman for Veterans of Foreign Wars, said the VA needs to come clean about who exactly is at risk.
"What's so upsetting and frustrating is the lack of specific details coming from the VA," he said. "We have millions of veterans looking to the VA for answers, including older veterans who may not have Internet access or fully comprehend what this means to them, and younger veterans who will now have to carry this dark cloud with them for the rest of their lives."
In a statement, Nicholson said he had appointed former Maricopa County Attorney Richard Romley as his new adviser for information security. Nicholson cited a need for dramatic security changes in the wake of the burglary.
"Rick Romley is a well-respected attorney and veteran who will provide a critical outsider's perspective to VA," Nicholson said. "Rick shares my commitment to cutting through bureaucracy to provide results for our nation's veterans."
Romley, a Vietnam War veteran, prosecuted one of the largest public corruption cases in Arizona in the early 1990s and was seen as a potential GOP contender in that state's 2006 governor's race.
On Tuesday, VA deputy assistant secretary Michael McLendon said he was stepping down because of the theft, and the VA announced it would dismiss the data analyst, who had reported to McLendon. The department also placed Dennis Duffy, the acting head of the division in which the data analyst worked, on administrative leave.