CONSUMER NEWS RECALLS COMPLAINT FORM SCAM ALERTS

Small Claims Guide \| Class Actions \| Lemon Law \| FAQ \| Resources \| Newsletters \| Spanish
Automotive Education Electronics Family Finance Health Homeowners Shopping Travel

Veterans Administration Loses Data on 1.8 Million

By Martin H. Bosworth
ConsumerAffairs.com

February 13, 2007

Data Theft
• Thieves Steal AT&T Laptop with Employee Data
• Report: Data Breach Disclosure Laws Don't Affect Identity Theft
• Patient Information Exposed in Data Breach at Walter Reed
• Supermarket Chain Reports Data Breach
• Report: Feds Still Not Doing Enough To Secure Data
• Data Thieves Hit Georgetown University Students, Faculty
• 800,000 Job Seekers At Risk In Gap Data Breach
• TJX Data Breach Settlement Has Strings Attached
• More ...

The VA is notifying 1.8 million veteran patients and doctors that a hard drive containing their personal information has been missing from an Alabama veterans' hospital.

The missing hard drive contains personally identifying information on 535,000 veterans, and billing information for 1.3 million doctors.

The hard drive was discovered missing on Jan. 22 but, as usual in such cases, the public was not alerted.

VA officials first said the drive contained information on 48,000 veteran patients but now concede the actual number is nearly 40 times more than what was originally reported.

The information included Social Security numbers for the patients, and names in several instances, as well as Medicare billing codes for the doctors.

At the time of the original notification, the VA said that the drive belonged to an unidentified "mid-level" employee. The drive allegedly lacked encryption.

The VA originally said it suspected theft in the disappearance, and began a criminal investigation with the help of the FBI. As usual, the VA claimed it had seen "no evidence" that the data was misused.

The agency plans to offer a year of free credit monitoring to any affected individual, though it did not disclose who it was partnering with to offer the service.

Congress Incensed

Alabama's Congressional and state representatives were incensed at the data breach and the lag time between the discovery and the notification. Rep. Artur Davis (D-Birmingham) chastised the VA when the breach was originally disclosed for its repeated failures to protect information.

"[The VA] should be held to a better standard than the private sector, not a lesser standard," Davis said at the time. "This is a continuous problem of veterans who go into the VA."

Dubious Distinction

The continuing problems at the Veterans' Administration have given it the dubious honor of being synonymous with the phrase "data breach," an accolade formerly held by data broker ChoicePoint after it sold personal information to a ring of Nigerian criminals.

The VA's reputation was tarnished after a laptop containing records on 26.5 million veterans was stolen from the home of an analyst in Maryland in May 2006.

The laptop was eventually recovered after an anonymous tip led to the arrest of two Maryland teenagers and a juvenile connected with the theft.

In the course of the inquiry into that laptop's theft, the VA was found to have kept the theft secret for nearly a month before disclosing it to the affected veterans.

The unidentified analyst was dismissed from his position for the breach, a move he contested on grounds that VA employees had been given permission to take data home with them on numerous occasions.

The VA had also covered up two smaller data breaches in the twelve-month period preceding the laptop theft.

The last VA breach prompted numerous hearings before Congress, and a series of legislative efforts is underway to improve data security and codify disclosure requirements nationwide. Critics charge that many of the bills are too friendly to industry and government agencies, and offer too many exemptions to be of any use.

Serious Danger

Despite the VA's claims that it had seen no evidence the missing data was misused, the threat is very real for affected victims of a data breach.

Smart hackers will often mix and match stolen data from different people, creating new "synthetic identities" that can be used to get new credit accounts. Because the thieves are using existing information, rather than making up fake identities, the fraud is much harder to detect.

Missing medical information is particularly dangerous, as the data can be used for "medical identity theft," where the culprit gets expensive medical procedures and leaves the bill for the unknowing victim to pay.

Medical fraud is much harder to prove than typical credit or bank fraud, and can leave victims with ruined credit and thousands of dollars in debt.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

August 7 2008

Print, mail, etc.

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F
Sign up now!

Consumer News & Alerts
Every Sunday
Sign up now!

Knowledge is free.
Knowledge is power.

Back to the top |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.