I have been reading the articles today about the massive data breach of veterans data. An employee had brought personal information on up to 26.5 million military veterans, including their Social Security numbers and birth dates, home to work on a departmental project. The data (electronic) was stolen from the residence of a Department of Veterans Affairs employee who had taken the data home without authorization.

Want to bet taking confidential data home becomes a big issue, which it should!

What disturbed me about the articles I read was the level of detail about what was taken from the employee's home. It was an area with numerous burglaries recently and if the thieves had not yet discovered what wonderful sellable info was on the laptop, the newspapers told them!

Absolutely. Having lived through a "lost tape" situation I can tell you NOT having a newspaper report what was on the tape was a key consideration. If these were just on disks it sounds like no special hardware or software or unencryption software would be needed to get at it. In our case, a mainframe and special hardware would have been needed - and we absolutely knew the tape was not intentionally stolen - yet we were concerned.

Glad our government is held to such high standards.

This may well stop those employees who bring work home. I haven't heard if it was all encrypted or not. I did hear he broke policy by taking it home in the first place.

I heard the same thing, it was not an authorized removal of data. Just think, I am sure this guy's life is going right down the tubes after this.

What would be a good proactive stance to take with concerned customers?

Obviously, recommending that they place a fraud alert with the three credit bureaus is one course of action. We are also offering to place an alert on their accounts if they request it (although our current policies and procedures should be sufficient to stop any unauthorized transactions as things stand now).

Any thoughts on other things banks can be doing to alleviate customer concerns?

We are giving anyone who requests it the opportunity to add a "keyword" to their account for identity verification purposes when making an inquiry. Normally, when someone calls they use the last for digits of the tax ID to verify the idenity and since that was included in the stolen information, we're offering to add the keyword and putting it in an "alert" on the account. I let our local Veterans Services know this as well as released the information to our local paper and radio stations.

Besides what your bank can do, Trans Union (and I assume the other 2 major CBAs) has set up a fraud victims unit and provide a lot of helpful info on their website. If someone does have a problem, they truly do a lot for them including placing the alert on the other bureaus reports. I had looked into this when a former employer had a breach.

And of course, people can subscribe to some services that include monetary coverage for expenses, and some $ losses.

Allowing keywords is a good idea, promoting internet banking from an account monitoring perspective is a good idea (offer it free for 90 days or something if you have a charge for that or bill pay) and remind them of the fraud alert protections under the FCRA. I'm sure that is included in the link from Kaybee. I'd also remind them that they don't have to go out and pay for credit protections. So far, it appears the data was stolen as a random crime for the computer, not the data. Hopefully all the press hasn't changed that. And remind them that they can get one free report fro each of the three CRAs annually. Because the data is much the same, amortize these by getting one, every 4 months, to monitor their own credit.

I see the VA has a $50,000 reward for the laptop now. Hopefully they'll be able to determine if the data was copied/accessed if they get it back.

Did you see where the only reason it was reported to higher ups was through office gossip? I love the way banks are held to a high standard and the government offices do things like this.

Well, if the employee who did this was smart - he bought himself 2 weeks to look for another job!

Whomever it is is "on leave" now.

The Veterns Department announced the following

On May 25, 2006, the Department of Veterans Affairs Office of Inspector General (VA OIG) and the Federal Bureau of Investigation (FBI) have announced a $ 50,000 reward through the Montgomery County (Maryland) Crime Solvers organization, for information that leads to the recovery of a laptop computer and external hard drive that contained personal information for millions of veterans.

Montgomery County Police are working with the FBI and the VA OIG in the investigation of a residential burglary that occurred on May 3, 2006, in the Aspen Hill community of Montgomery County. Taken during that burglary was a laptop computer and external hard drive which contained identifying information for approximately 26.5 million veterans.

At this stage of the investigation there is no evidence that the suspect or suspects responsible for the theft had any knowledge of what information was stored on the hard drive.

The primary objective of the investigation is the recovery of the laptop and external hard drive. Anyone who can provide information that leads to the recovery of the laptop and external hard drive that contains the veterans' data should call Crime Solvers of Montgomery County at 1-866-411-TIPS (8477). A cash reward of $50,000 will be paid for information provided to the Crime Solvers tip line that leads to the recovery of these items.

We are providing as much information as we have about the incident and alerting veterans of the situation.

Veterans should continue to monitor this web page (http://www.firstgov.gov/veteransinfo) for further updates.

VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. Concerned veterans may call 1 (800) FED INFO (1-800-333-4636). The call center will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed.

What will be done to prevent this from happening in the future?

The Department of Veterans Affairs is working with the President's Identity Theft Task Force, the Department of Justice and the Federal Trade Commission to investigate this data breach and to develop safeguards against similar incidents. The Department of Veterans Affairs has directed all VA employees complete the "VA Cyber Security Awareness Training Course" and complete the separate "General Employee Privacy Awareness Course" by June 30, 2006. In addition, the Department of Veterans Affairs will immediately be conducting an inventory and review of all current positions requiring access to sensitive VA data and require all employees requiring access to sensitive VA data to undergo an updated National Agency Check and Inquiries (NACI) and/or a Minimum Background Investigation (MBI) depending on the level of access required by the responsibilities associated with their position. Appropriate law enforcement agencies, including the Federal Bureau of Investigation and the Inspector General of the Department of Veterans Affairs, have launched full-scale investigations into this matter.

Equifax has a drop down menu, or a pop up window specifically on this point now.

Military.com reports on HR5455, the Veterans Identity Protection Act of 2006. This would provide one year of free credit monitoring to veterans affected by the breach. Taxpayer cost, $1.25Billion. (Guess the problem belongs to all of us now.)

Grrrrr.

Cost of initial error: one severance package.
Cost to retrieve lost notebook: $50,000.
Getting the taxpayer to pick up the tab: priceless.

I think the OCC should be sent in to smack them around.

They already had the controls in place ("Employees are NOT to take work home with them.") Enforce your current policies.

Does anyone know if there is a list somewhere that will tell me if my spouse's information was compromised. I hate to put fraud alerts on my credit reports if our information has not been compromised.

You'd need to call the VA, but the articles have some of the criteria. It included just about everyone entering the system after 1975 (I think it was) and who had changes in eligibility since then.

I received my notification letter from VA in the mail this week. I was surprised that they had my current address, since we just moved in January. But the letter explained that - they used the IRS to forward the letters to Veterans based on their SSN and most recent tax return filings. Under this premise, I would suspect that most veterans affected will receive a notice telling them they have been affected.

My letter did caution me that I didn't need to over-react and close all my accounts and such. Just monitor for any suspicious or unauthorized activity. Since I've previously been victimized by identity theft (unrelated to the VA breach), I've already got an extended alert on my credit report. I also balance my bank account statements and reconcile my credit card statement to receipt entries religiously. I also review my credit report annually, and will probably increase that frequency to at least quarterly given this new breach.

Well color me stupid. I never even considered the fact that I am one of these veterans. My first thought was my dad.

But then again, who'd want to be me? Sometimes I don't want to be me so if anyone does want to steal my ID...

You stated in your post that it affects veterans with enlistments or changes since 1975. My husband and myself have been notified and our enlistments were before '75, with no further contact after our discharge (also before '75). This tells me that more information was taken then first thought.