The department's head faces the lawmakers on the incident that compromised personal information.
By BILL ADAIR, Times Washington Bureau Chief
Published May 26, 2006
WASHINGTON - Angry members of Congress blamed the bureaucracy in the Department of Veterans Affairs for the theft of personal information on more than 26-million veterans, but the lawmakers have not reached a consensus on how the government should respond.
Some House members said the government should reimburse veterans if they become victims of identity theft. Others demanded the resignation of Veterans Secretary Jim Nicholson. One member proposed a $1-million reward to catch the suburban burglar who stole a computer hard drive, apparently unaware it contained the treasure trove of Social Security numbers and other personal information.
During hearings Thursday, lawmakers said the VA had ignored many recommendations about securing its computer data. They said VA officials were sloppy with sensitive records and waited too long to respond to the May 3 crime.
Rep. Michael Bilirakis, R-Tarpon Springs, complained that the incident showed a "culture of bureaucracy." Rep. Bob Filner, D-Calif., said department officials are not taking the crime seriously enough.
"I don't see any passion," Filner said.
VA officials acknowledged mistakes and said they were trying to notify veterans about the risk that thieves could use their Social Security numbers to falsely obtain credit under the veteran's name.
The magnitude of the data is making the response difficult. The department is having trouble obtaining enough envelopes to send 26-million letters.
Nicholson, after being told by House Veterans Affairs Chairman Steve Buyer, R-Indiana, that this will be "a defining moment of your leadership," said his department has alerted banks and credit agencies to watch for suspicious activity involving the veterans. He has ordered that VA employees complete cybersecurity training by June 30, with an emphasis on protecting privacy.
Nicholson said the hard drive contained names and birth dates for as many as 26.5-million veterans and some of their spouses. Social Security numbers were included for 19.6-million of them. But he said that the burglar may be unaware the hard drive contains the personal records and that VA officials are hopeful the data won't be used.
He said he accepts responsibility for the theft.
"As a veteran myself, I have to tell you I am outraged," Nicholson said. "I'm frankly mad as hell."
Nicholson said the incident has revealed lax standards for employees who "telecommute," a practice in which employees work at home. "We have people telecommuting all over this country. We need to get our arms around who these people are and what they are like. They have enormous amounts of data."
Nicholson and other VA officials said the data was taken home by a VA worker who wanted to develop a better process to select veterans for a telephone survey. The employee was described as a dedicated civil servant who was "distraught" about the theft.
VA Inspector General George Opfer told lawmakers the employee routinely had taken personal data home since 2003.
Data for 26-million veterans might sound like a lot, but it takes up only 5 gigabytes in a computer, which can fit on a portable device small enough to fit in a shirt pocket.
Committee members also blasted Nicholson for the long delay in telling the public about the crime. The theft occurred May 3. The department did not launch a criminal investigation until May 12. Nicholson did not learn of it until May 16.
Nicholson said some officials wanted to delay releasing the information to the public so the thief would not be alerted about the value of the hard drive. But Nicholson said he chose to announce the news five days ago.
Nicholson acknowledged that Deputy Secretary of Veterans Affairs Gordon Mansfield knew immediately about the incident. But he declined to say whether Mansfield would be fired or how the theft could have happened, citing a need to await results of a full investigation.
Thursday's hearings illustrated how the VA's cumbersome bureaucracy slowed the response to the incident. One official said he learned of the theft from a "hallway conversation." An official in charge of cyber-security ducked responsibility saying it was more of a privacy breach than one of cybersecurity.
Those comments left lawmakers shaking their heads with frustration.
"This is a meltdown. It is a complete failure," said Rep. Corrine Brown, D-Jacksonville.
Buyer proposed a $1-million reward to catch the thief. Nicholson said he would consider the suggestion.
So far, officials have not seen any indication that the thief or thieves have used the personal information for any financial crimes. But the VA has asked banks and credit agencies to be on the lookout and urged veterans to keep an eye on their credit reports to see if someone is trying to use their identify to obtain new accounts or credit cards.
Buyer asked if the VA could assure veterans that they would be compensated if they suffer financial harm. Nicholson said that would be up to Congress, which would have to allocate money for it.
Several lawmakers said Nicholson should resign or should fire VA officials responsible for the mistakes. The worker who took the data home has been placed on administrative leave pending the outcome of the investigation.
Nicholson, a decorated former Army infantryman, said no one has been fired but that several employees "are in my sights."
He did not indicate plans to resign.
Times staff writer Paul de la Garza contributed to this report, which used information from the Associated Press.
WHOM TO CONTACT
Veterans who suspect their information has been misused can call toll-free 1-800-333-4636 or visit www. firstgov.gov.
