Veterans Administration to Pay $20 million for Security Breach

The Veterans Administration security breach in 2006 is a graphic example of how your most personal data can easily get into the hands of identity thieves.

Although taking data home was against the rules, a data analyst did just that – and when his suburban home was burglarized in May 2006, the thieves took both his laptop and the external hard drive containing names, birth dates, and Social Security numbers of every Veteran who had been discharged after 1975 – up to 26.5 million veterans.

The laptop was eventually recovered and VA spokesman Phil Budahn was quoted as saying “…there is no evidence that the information involved in this incident was used to harm a single veteran.”

No one knows if the thieves had any idea about what was on that computer or if they copied data while it was in their possession.

Veterans were informed of the security breach in late May – about 3 weeks after it occurred – and the following month five veterans groups filed a class action lawsuit on behalf of all veterans. The lawsuit asked for $1,000 in damages for every veteran whose information was compromised in the theft.

Now, after nearly 3 years, the parties have come to an agreement that leaves most veterans out of the settlement. Veterans who can show proof of actual harm, such as emotional distress leading to physical symptoms, or expenses for credit monitoring, will be eligible to receive payments up to $1,500.

Once the settlement is approved by a U.S. District Judge, the terms will become final. Then notices will be published in magazines and newspapers across the country, giving veterans a toll-free number for information on filing a claim. Any funds remaining from the $20 million after payment to those veterans will be donated to veterans’ charities.

The VA, of course, is not the only entity to lose personal records. In a June 2006 news article, the Privacy Rights Clearinghouse estimated that in the previous 16 months, 170 data breaches had occurred – exposing more than 80 million Americans to potential identity theft.

The VA itself had a second security breach in 2006. Again, a missing computer was the cause. Unisys, a subcontractor providing software support to the Pittsburgh and Philadelphia VA Medical Centers, reported the loss on August 3. This time insurance data for 16,000 living veterans and about 2,000 deceased veterans was compromised.

Again, VA spokesmen stated that there was no evidence of the information being used to harm any veteran. All veterans affected were notified, however.

These occurrences are often the result of stolen laptop computers – computers which should be left at the office but are taken home instead. your resource for free credit reports, credit cards, loans, and ground breaking credit news.

Comments are closed.

Disclaimer: This information has been compiled and provided by as an informational service to the public. While our goal is to provide information that will help consumers to manage their credit and debt, this information should not be considered legal advice. Such advice must be specific to the various circumstances of each person's situation, and the general information provided on these pages should not be used as a substitute for the advice of competent legal counsel.