The government said Wednesday it would provide free credit monitoring to millions of veterans whose personal information was stolen last month, acknowledging it was not close to catching the thieves.
Veterans Affairs Secretary Jim Nicholson said the agency would seek to protect millions of vets and military troops against identity theft after names, Social Security numbers and birthdates were taken from a VA data analyst's home on May 3.
Those eligible for one year of credit monitoring will be any of the 17.5 million people who are known to have had their Social Security numbers compromised. The VA has said up to 26.5 million could be affected, although some of them appeared to be duplicate names.
"It's not going to be cheap," Nicholson said at a news briefing, adding that authorities were not any closer to finding the stolen data. "Free credit monitoring will help safeguard those who may be affected, and will provide them with the peace of mind they deserve."
He said those who have already received letters from VA saying they are at risk will receive additional information — probably in early August after the VA solicits bids from contractors — on how to sign up for the free monitoring.
The VA also will hire a company for data analysis to look for possible misuse of the personal information. There have been no reports so far of any identity theft stemming from the burglary in suburban Maryland.
Veterans groups and lawmakers from both parties have blasted the VA for the theft, which occurred after several years of warnings by auditors that information security was lax. The data analyst — who has since been dismissed — had taken the information home for three years without permission.
The VA has also been criticized for waiting nearly three weeks — until May 22 — to notify veterans about the theft.
Earlier this month, more than 150 House Democrats called on President Bush to request new emergency funding to provide credit monitoring to veterans. Veterans groups also have filed suit against the VA, charging their privacy was violated and demanding $1,000 in damages for each person.
On Wednesday, veterans advocates praised the announcement as a good "first step."
"Any resources expended to address the VA data breach must not be taken from the VA's current budget but rather should be new funds, as veterans and military families must not be punished for the administration's failures," said Rep. Lane Evans, D-Ill., the top Democrat on the House Veterans Affairs Committee.
Joe Davis, spokesman for Veterans of Foreign Wars, agreed. "We fully expect the Congress and the administration will provide the additional funding so that no VA program is negatively impacted," he said.
At the briefing, Nicholson said the VA was working with the White House to identify money to pay for the credit monitoring in what has become one of the nation's largest security breaches. No money will come out of program services, although there may be ways administratively to "tighten the belt."
The VA has said it cost the government about $14 million to notify veterans and troops of the data theft by letter, and an additional $200,000 is being spent per day to maintain a call center.
"We will get the money and pay for it," Nicholson said.