Lawmakers say they want to know whether a Veterans Affairs employee was being unfairly blamed for losing veterans' personal information, citing newly disclosed documents showing he had received permission to work on the data from home.
"From the start, the VA has acted as if the theft was a PR problem that had to be managed, not fully confronted," said Rep. Bob Filner, D-Calif. "They're trying to pin it on this one guy, but I think it's other people we need to be looking at."
VA Secretary Jim Nicholson and other top department officials were to testify Thursday before a House committee investigating the government's largest computer security breach.
According to internal documents obtained by The Associated Press, the VA data analyst faulted for losing personal data for up to 26.5 million veterans had the department's approval to access millions of Social Security numbers on a laptop from home.
The documents show that the data analyst, whose name was being withheld, had approval as early as Sept. 5, 2002, to use special software at home that was designed to manipulate large amounts of data.
A separate agreement, dated Feb. 5, 2002, from the office of the assistant secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.
A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.
"These data are protected under the Privacy Act," one document states. The analyst is the "lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers."
The department said last month it was in the process of firing the data analyst, who is now challenging the dismissal.
VA officials have said the firing was justified because the analyst violated department procedure by taking the data home. They also said he was "grossly negligent" in handling sensitive information.
However, Filner noted that the employee had informed supervisors of the theft immediately after the crime, while supervisors waited nearly three weeks to inform the public on May 22. Nicholson himself was informed on May 16.
"The gross negligence in this case are the people above him," said Filner, the acting top Democrat on the House Veterans' Affairs Committee.
A spokesman for the VA did not have immediate comment Wednesday.
Veterans groups and lawmakers from both parties have criticized the VA for the theft and noted years of warnings by auditors that information security was lax. Some veterans also have filed suit in federal court, seeking $1,000 in damages — or up to $26.5 billion total — for privacy violations.
Separately, President Bush on Wednesday asked in a letter to House Speaker Dennis Hastert, R-Ill., for $160.5 million to help the VA cover the costs of credit monitoring and fraud watch services.
The money would be taken from programs in the departments of Agriculture, Health and Human Services, Labor, Transportation, Treasury and Veterans Affairs whose money would otherwise go unused or from programs previously set for elimination, according to Scott Milburn, spokesman for the Office of Management and Budget.
The programs included those for food stamp employment and training, trade adjustment assistance for farmers, and health professions student loans.
The VA has spent more than $16 million to set up a call center and to notify veterans by letter. It is spending an additional $200,000 a day to maintain the center.