RealTime IT News

More Missing Data at VA

There's another data breach at the Veterans Administration (VA), this time exposing as many as 38,000 veterans to potential identity theft.

Unisys Corp.  said Monday a desktop computer is missing from its suburban Washington office containing the personal data on approximately 18,000 veterans.

Unisys and the VA also said they are investigating the possibility that the computer may contain personal information on another 20,000 veterans.

Unisys serves as a subcontractor on the VA's collection management system.

The missing information involves veterans treated at VA medical facilities in Philadelphia and Pittsburgh and includes names, addresses, Social Security numbers, dates of birth, insurance carriers and billing information and dates of military service.

Unisys said the data does not include personal financial information.

"The data were used only for insurance collections management purposes and may include insurance carrier and billing information, as well as claims data with some medical information," the Blue Bell, Pa.-based Unisys said in a statement.

Both Unisys and the VA launched an immediate investigation of the missing desktop computer after Unisys informed the VA of the breach on the afternoon of Aug. 3.

The VA also said it is working with Unisys on individual notices to potentially affected veterans and possible offers of credit monitoring.

This latest data breach follows a May disclosure by the VA of a stolen laptop containing personal information on approximately 26 million veterans.

The breach was the second largest on record and the biggest Social Security numbers breach ever.

Law enforcement officials subsequently recovered the laptop, and there is no evidence any of the data was used for identity theft.

The May breach sparked a furor in Washington, prompting lawmakers to blast the VA's security procedures.

"We have a meltdown in VA's information management," House Committee on Veterans Affairs Chairman Steve Buyer (R-Ind.) lectured VA Secretary R. James Nicholson.

Subsequent breaches at the U.S. Department of Navy and the Department of Agriculture added to the increasing criticism government agencies are not adequately protecting their data.

"VA is making progress to reform its information technology and cyber security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead," Nicholson said in a statement Monday.