Blog > > VA to Offer Credit Monitoring

VA to Offer Credit Monitoring

1 Year of Service Free To Data-Theft Victims
Zachary A. Goldfarb
The Washington Post

The Department of Veteran Affairs said yesterday that it will offer free credit monitoring for a year to the millions of veterans and military personnel whose personal information was stolen last month. The department said the plan will safeguard the credit records of those affected and provide them with peace of mind.

But Veterans Affairs Secretary Jim Nicholson told reporters that there has been no progress in finding the stolen electronic devices containing the data.

The credit-monitoring plan received high marks from some VA critics on Capitol Hill, as well as from representatives of veterans -- although questions were raised about how the department would pay for the monitoring.

About 17.5 million veterans and military personnel affected by the data breach -- which included names, birth dates and Social Security numbers -- will receive information about signing up for the monitoring in August, Nicholson said. He said the department continues to "have no evidence that any use is being made of this data that has been stolen."

The department originally said that as many as 26.5 million people could have been affected by the breach, but some of the data turned out to be duplicates or did not contain Social Security numbers.

The plan is the most significant step VA has taken to protect the financial records of affected veterans and military personnel since the May 3 theft. The information was on an external hard drive and a laptop computer stolen from the house of a department employee. The public announcement of the theft came three weeks later. The authorities said the thief did not appear to target the data.

The department has taken several other steps to prevent another data breach, including hiring a special adviser on information security, accelerating security and privacy training, and reviewing procedures for accessing and storing sensitive data. Nicholson said that every VA facility across the country will observe a "security awareness" week starting Monday and that the department will hire a company to determine whether the stolen information is being misused.

"It is a positive step for all veterans, service members and their families," said Joe Davis, a spokesman for the Veterans of Foreign Wars of the United States, which represents more than 2 million members.

"Is one year enough? We don't know," Davis said. He noted that military personnel and veterans will be left unprotected through August and may choose to pay for the credit monitoring themselves, which can cost more than $75 per year.

Rep. Lane Evans (Ill.), the ranking Democrat on the House Veterans' Affairs Committee, called the move a "good first step." He urged passage of a bill that he has introduced with Rep. John T. Salazar (D-Colo.) to provide expanded identity-theft protection to the affected veterans.

Congress has held a series of hearings on information security at VA in the wake of the theft. Yesterday, one focused on the storage of veterans' medical information -- an area where the department has done well. Today, the House Veterans' Affairs Committee is to hold a hearing on the academic and legal implications of the data loss. Veterans groups have sued the federal government for allegedly violating their members' privacy, asking for $1,000 in damages per person.

Nicholson said at the news conference that expenditures for the monitoring service "will not come out of other VA programs," a view that seemed to have support on Capitol Hill. "It will not work a diminution in other services that we're providing to veterans."

He said the department has been in talks with Congress and the administration to find money for the program. "It's not going to be cheap," he acknowledged.

The department has already budgeted $25 million for an initial mailing -- to alert people affected by the data breach -- and for setting up call centers, which cost about $200,000 per day.

Nicholson said "the call centers have not had nearly as many calls as we anticipated." To pay for some of the costs, he said, "we can tighten belts in certain areas," but he did not specify which ones.