VA reports new data loss

Editor's note:This story was updated at 10:25 a.m. Oct. 13. Please go to Corrections & Clarifications to see what has changed.

As another instance of data loss at the Department of Veterans Affairs comes to light, the VA’s Office of the General Counsel (OGC) has awarded a contract to Identity Force for identity theft protection services for more than 5,700 citizens, 660 of whom were veterans.

The number of individuals who enroll in this opt-in program will determine the value of the contract, Identity Force said in a statement.

The contract is the result of a May 8 incident in which a backup data tape was reported missing from the general counsel’s regional office in Indianapolis, Ind., said VA spokeswoman Jo Schuda.

She said the missing data contained mostly legal records dating back to the 1970s. “Along with the legal issues there were attorney work products,” she said. “The data contained entries for any kind of legal cases that the attorneys worked on, not necessarily veterans.’”

The office sent notification letters this summer to as many of the individuals involved as possible, she said. “But they couldn’t find complete addresses for some because of the age of the cases,” Schuda added. About 2,000 of the more than 7,000 individuals were deceased.

“There is no indication any of the affected individuals have suffered problems as a result of this missing tape, but in order to be doubly sure we have also purchased the services of ID Analytics to perform data breach analysis in order to detect any organized misuse of these data,” according to a statement OGC issued today.

Schuda said she did not know if the tape was lost or stolen and whether it has been recovered.

The incident occurred the same month that a VA laptop PC and disks containing personal information on 26.5 million veterans were stolen from an employee’s home. The FBI later recovered the computer with no signs that personal data had been compromised.

In August, a desktop computer containing insurance claims data on about 20,000 veterans who were treated at the Pittsburgh and Philadelphia VA medical centers was stolen from the Unisys office in Reston, Va. Unisys was under contract to track the claims.

As a result of those incidents, VA Secretary Jim Nicholson established the VA information security program, setting standards for accessing information systems and requiring officials to report compliance failures or policy violations immediately. He also ordered annual cybersecurity and privacy awareness training for all VA employees.

Identity Force said that under the terms of the contract, the Framingham, Mass.-based company is providing the following services:

• Online and toll-free access for individuals to enroll in the Credit Monitoring Services program.
• Automatic daily monitoring of Equifax, Experian and TransUnion credit bureau reports.
• Alerts of any key changes to credit reports.
• On-demand personal access to credit reports and scores.
• Dedicated fraud resolution representatives available to counsel and assist victims of identity theft.
• A $20,000 identity theft insurance policy.

“This contract is a perfect example of how the federal government’s new blanket purchase agreement for identity theft and credit monitoring services helps government agencies develop rapid responses to data losses or security breaches,” she said.