BALTIMORE — The personal information of about 26 million veterans may have fallen into criminal hands when someone stole the electronic data stored at the home of a federal employee, officials said Monday.
The burglary earlier this month could mark one of the largest thefts of identity data, electronic privacy experts said.
The missing information contained names, Social Security numbers and dates of birth for up to 26.5 million veterans and some spouses. Those affected include all of those discharged by the military after 1975 and those discharged before 1975 who filed claims later with the Department of Veterans Affairs.
VA officials released few details about the theft's time and location in suburban Maryland, saying they didn't want to tip off the burglars who, they said, might not understand what they had taken.
The VA inspector general's office and the FBI joined the effort to track down the purloined information, officials said. A law enforcement source familiar with the investigation said the burglary probably happened in Montgomery County because authorities there are working on the investigation.
Officials said the VA employee who brought the data home violated department policy. Department spokesman Matt Burns declined to say who the employee was, but confirmed the employee had been suspended pending the outcome of the investigation.
So far, investigators believe it is unlikely the burglars know what they stole or even how to access it, according to the VA. The employee's neighborhood had been subject to a rash of break-ins, officials said.
Still, the data are the kind of specific and essential information regularly used by those who steal people's identities.
"There was one breach by a hacker of 40 million credit card accounts last year," said Beth Givens of the Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy organization in San Diego. "But that's a finite problem because you can cancel the accounts."
Acknowledging the enormous potential impact of the theft, Secretary of Veterans Affairs Jim Nicholson wrote a letter that officials said would be sent to all of those affected.
The top official at the Veterans of Foreign Wars called the theft disturbing, but pledged his help to inform its 2.4 million members.
"What happened is absolutely unacceptable, but the task at hand is to inform every veteran family so that they can begin taking steps to safeguard their personal information," VFW Commander in Chief Jim Mueller said in a statement.
"Whether the investigation reveals it was one person involved or includes others in more senior positions who may have given tacit approval, we expect their employment to be terminated immediately."
Ramona Joyce, a spokeswoman for the American Legion, agreed that the theft was a concern. "In the Information Age," she said, "we're constantly told to protect our information. We would ask no less of the VA."
Congressional members charged with oversight of veterans affairs demanded more answers. "It is a mystifying and gravely serious concern that a VA data analyst would be permitted to just walk out the VA door with such information," the Democratic members of the House Veterans Affairs Committee said in a joint statement. Sen. Larry E. Craig of Idaho, the Republican chairman of the Senate Veterans Affairs Committee, said his committee would hold hearings on the theft of the information and the agency's procedures for handling sensitive data.
Citing unnamed sources, the website for Government Executive magazine reported that the employee worked in the Policy and Planning Group at VA headquarters in Washington.
The employee, according to the website, was performing a statistical analysis on the data as part of an annual department study on veteran population demographics.