A hard drive containing nearly 50,000 veterans' identities may have been stolen, the Department of Veterans Affairs said Friday, a deja vu moment for the federal agency that lost millions of records in a home burglary in 2006.
The FBI and the department's own inspector general are investigating, said Secretary Jim Nicholson. "We intend to get to the bottom of this, and we will take aggressive steps to protect and assist anyone whose information may have been involved," Nicholson said in a statement.
According to the VA, in late January an employee at the Birmingham, Ala., VA Medical Center reported an external hard drive missing. That drive, said the worker, may have contained veterans' personal files, some of which may have been stored on the drive in unencrypted form.
Rep. Spencer Bachus, R-Ala., whose district surrounds Birmingham, said that as many as 48,000 veterans' records were on the drive, and that as many as 20,000 were not encrypted. "Why were the records of 20,000 veterans not encrypted? Given last year's experience, VA officials should have exercised greater caution," Bachus said in a statement released Monday.
"Why did this incident happen at all given the fact that the VA already has the guidelines and tools needed to prevent such breaches? Clearly there is some sort of a disconnect between veterans officials in Washington and in the field," Bachus said.
In May 2006, the VA announced that a laptop and hard drive containing 26.5 million personal records of current and former members of the military were stolen, and that the identities were at risk to fraud. Although the hardware was later recovered, the incident led to a revamping of VA rules concerning information storage and use.