Stolen VA Laptop and Hard Drive Recovered

By Christopher Lee and Zachary A. Goldfarb
Washington Post Staff Writers
Friday, June 30, 2006

Federal officials yesterday announced the recovery of computer equipment stolen from an employee of the Department of Veterans Affairs. They said that sensitive personal information of 26.5 million veterans and military personnel apparently had not been accessed.

The laptop and external hard drive, stolen May 3 from a VA data analyst's home in Aspen Hill, contained the names, birth dates and Social Security numbers of millions of current and former service members. The theft was the largest information security breach in government history and raised fears of potential mass identity theft.

VA Secretary Jim Nicholson announced the recovery yesterday during a hearing of the House Committee on Veterans Affairs.

"Law enforcement has in their possession the laptop and hard drive," Nicholson said. "The serial numbers match. They are diligently conducting forensic analysis on it to see if they can tell whether it's been duplicated or utilized or entered in any way, and that work is not complete. However, they did say to me that there is reason to be optimistic."

FBI officials and local authorities said at a news conference that a person who had the laptop contacted U.S. Park Police on Wednesday after seeing news accounts and notices of a $50,000 reward offered by Montgomery County police. The devices were recovered in the "general vicinity" of Aspen Hill, said Chief Dwight E. Pettiford of the Park Police.

FBI Special Agent in Charge William D. Chase, of the agency's Baltimore office, said it is "way too early" to say whether the person will get the reward or whether criminal charges will be filed soon. FBI spokeswoman Michelle Crnkovich said the tipster is not a suspect.

"A preliminary review of the equipment by computer forensic teams has determined that the data base remains intact and has not been accessed since it was stolen," the FBI said in a statement. "A thorough forensic examination is underway, and the results will be shared as soon as possible."

Lawmakers hailed the investigative work but said VA still has much to do to improve data security.

"[T]he basic deficiencies leading to this data loss must be corrected," Rep. Steve Buyer (R-Ind.), chairman of the Veterans Affairs Committee, said in a statement. "The history of lenient policies and lack of accountability within VA management must be rectified."

Rep. Lane Evans (Ill.), the committee's ranking Democrat, said in a statement: "Today's announcement does not relieve the Department of Veterans Affairs from fixing its broken data security system and failed leadership."

The theft has proved to be an embarrassing and expensive management failure for VA. In a series of hearings, lawmakers have criticized Nicholson for the department's lax security practices and sluggish response, noting that the secretary was not told of the burglary for 13 days. The incident also has cast light on the department's consistent ranking near the bottom among federal agencies in an annual congressional scorecard of computer security.

Pedro Cadenas Jr., the VA official in charge of information security, resigned yesterday for personal reasons, VA officials said. Earlier, a high-ranking political appointee was dismissed and a longtime career manager was forced to retire.

CONTINUED     1        >

© 2006 The Washington Post Company