ID Theft Settlement - $20 Million

A data analyst from the Department of Veterans Affairs took home a laptop and an external hard drive without permission. The external drive had names, birth dates, and Social Security numbers of more than 26 million veterans. It was stolen in a burglary. It took the VA three weeks to notify the veterans that may be ID theft victims as a result of this theft.

Five veterans groups sued and a settlement was recently reached. It must still be approved by the court, but the U.S. Treasury will pay $20 million to the veterans affected.

Under the proposed terms a veteran who demonstrates that they were harmed by this data breach will receive between $75 and $1,500. Any funds remaining after a designated period of time will be donated to approved veterans charities.

Under the lessons learned, banks must have reaction plans to expedite responses to data breaches. The cause of a data breach could be a penetration of a system, the loss or theft of a laptop or drive (including thumb drives) or some vendors system you had no control over. TJX and Heartland are examples of this. You must be prepared for a multitude of security issues to avoid settlements such as this.