November 15, 2007 – In a déjà vu announcement, the Department of Veterans Affairs says a computer containing the names, Social Security numbers and birthdates of 12,000 veterans was taken over the Veterans’ Day weekend from the VA medical center in Indianapolis.
Three computers were taken from an unlocked room at the Roudebush VA medical center in Indianapolis, and one computer contained records that could be used for identity theft. Federal, state and local law-enforcement agencies are investigating.
The records are of veterans who had been treated as patients at the hospital. They could include information about what medical examinations the veterans had received but not the results of the exams.
“I am upset that the VA repeatedly fails to comply with its own policy to safeguard veterans’ personal information,” said Rep. Steve Buyer, R-Ind., the former chairman of the House Veterans’ Affairs Committee, who has been pushing VA to improve computer security.
“The VA must give immediate assurance to over 12,000 veterans that it will provide full credit monitoring and protection of sensitive personal information,” Buyer said.
VA officials had no immediate response to questions about the theft.
A policy established earlier this year calls for immediate notification of everyone whose information is missing and a review of the potential threat of identity theft in such situations. Buyer was the chief sponsor of the legislation that created the policy.
If there is a risk of identity theft, VA policy calls for the government to provide free credit monitoring to those affected.
The policy was created after the May 2006 theft from the home of a VA employee of a laptop and computer storage device with personal information on more than 26 million people.
VA also has been trying to make its computers and computerized records more secure, an effort that includes requiring personal data to be encrypted. It is not known if records taken in the Indianapolis theft were encrypted.