WASHINGTON -The government has recovered the stolen laptop computer and hard drive containing sensitive data for up to 26.5 million veterans and military personnel, Veterans Affairs Secretary Jim Nicholson said Thursday.
Nicholson said law enforcement officials were still investigating to determine whether data from the equipment, which included names, birth dates and Social Security numbers, had been duplicated or utilized in any way.
So far, he said there have been no reports of identity theft stemming from the May 3 burglary at a VA employee's Maryland home.
"There is reason to be optimistic," Nicholson told a House committee at the opening of a hearing on one of the worst breaches of information security. "There is not a certainty, but we have to remain hopeful they have not been compromised."
Nicholson offered no immediate details on how the laptop was recovered. He acknowledged that the burglary "has brought to the light of day some real deficiencies in the manner we handled personal data."
"If there's a redeeming part of this, I think we can turn this around," he said.
Newly discovered documents show that the VA analyst blamed for losing the laptop had received permission to work from home with data that included millions of Social Security numbers and other personal information on veterans and military personnel.
"From the start, the VA has acted as if the theft was a PR problem that had to be managed, not fully confronted," said Rep. Bob Filner, D-Calif. "They're trying to pin it on this one guy, but I think it's other people we need to be looking at."
The documents obtained by The Associated Press show that the data analyst, whose name was being withheld, had approval as early as Sept. 5, 2002, to use special software at home that was designed to manipulate large amounts of data.
A separate agreement, dated Feb. 5, 2002, from the office of the assistant secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.
A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.
"These data are protected under the Privacy Act," one document states. The analyst is the "lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers."
The department said last month it was in the process of firing the data analyst, who is now challenging the dismissal.
VA officials have said the firing was justified because the analyst violated department procedure by taking the data home. They also said he was "grossly negligent" in handling sensitive information.
However, Filner noted that the employee had informed supervisors of the theft immediately after the crime, while supervisors waited nearly three weeks to inform the public on May 22. Nicholson himself was informed on May 16.
"The gross negligence in this case are the people above him," said Filner, the acting top Democrat on the House Veterans' Affairs Committee.
Veterans groups and lawmakers from both parties have criticized the VA for the theft and noted years of warnings by auditors that information security was lax. Some veterans also have filed suit in federal court, seeking $1,000 in damages - or up to $26.5 billion total - for privacy violations.
