US VA Now Says Data Theft Goes Deeper
In a follow-up to the events described in DID’s May 25, 2006 article, the US government has disclosed that personal data on up to 50,000 active Navy and National Guard personnel were among those stolen from a Veterans Affairs employee’s home last month. An Associated Press article says that information including names, Social Security numbers and dates of birth of up to 20,000 National Guard and Reserve personnel who were on at least their second active-duty call-up were “potentially included”; the same status applies for up to 30,000 active-duty Navy personnel who completed their first enlistment term prior to 1991. While there have been no reports that the stolen data have been used for identity theft yet, caution and vigilance by potential victims is definitely warranted.
Meanwhile, consequences are beginning to fall. A recent AP report notes that The VA has fired the data analyst who lost the data, VA deputy assistant secretary Michael McLendon has stepped down, and Dennis Duffy (the acting head of the division in which the data analyst worked) has been placed on administrative leave. Meanwhile, VA Secretary Jim Nicholson said Wednesday that he had named Attorney and Vietnam War veteran Rick Romley as his new adviser for information security. Romley prosecuted one of the largest public corruption cases in Arizona in the early 1990s.
Yet Military.com reminds us that the VA theft is only the latest in a string of incidents:
- Several U.S. military computers containing personnel records were found for sale at a bazaar outside a U.S. base in Afghanistan, according to an April report in The L.A. Times.
- Thieves broke into a Ft. Carson, Colo. facility in September, making off with personal information belonging to deployed soldiers.
- In December 2002, records for more than 560,000 troops, dependents and retirees were stolen from computers at a health care provider in Arizona, prompting Pentagon officials to promise better information security, according to The New York Times.
In all cases, the stolen data were centralized in large databases and unencrypted, making the thieves’ jobs easy. More “conventional” methods have also been employed, however. David Axe’s article, “Vets Must Be Vigilant To Prevent ID Theft” documents some of them, and discusses steps for military personnel and veterans to take:
- In 2001, Air Force Senior Airman David Daniel stole ID cards from a deployed airman in order to impersonate the victim and ring up massive charges in his name.
- Edwin Gomez, a former janitor at an Army base in New York City, in 2005 swiped documents belonging to hundreds of deployed reservists and opened credit accounts.
- Karl Valentine stole a deceased veteran’s documents from the veteran’s widow and used the victim’s social security number to get treatment at a Kansas VA hospital.