By Christopher Lee and Karin Brulliard
Washington Post Staff Writers
Sunday, August 6, 2006
Montgomery County police charged two men yesterday with felonies in the May 3 theft of computer equipment from the home of a Department of Veterans Affairs analyst, a case that blossomed into the largest data breach in federal government history.
Police arrested Jesus Alex Pineda, 19, and Christian Brian Montano, 19, both of Rockville, about 9 p.m. Friday in a McDonald's restaurant and charged them yesterday with first-degree burglary and theft over $500. Montano was also charged with conspiracy to commit first-degree burglary and conspiracy to commit theft over $500. A juvenile in custody on an unrelated charge is also a suspect in the crime, police said.
The stolen laptop and external hard drive contained the unencrypted names, Social Security numbers and birth dates of about 19.6 million veterans and active-duty military members as well as the names and birthdates of about 6.9 million other veterans and service members.
Police depicted the suspects as ordinary thieves who are responsible for a string of other local burglaries but did not target the laptop and hard drive, which police say they stole along with jewelry and cash.
"As far as we can determine, this was a random burglary," Montgomery County Police Chief J. Thomas Manger said at a news conference. "They did not know what they had."
Manger said police don't think that the theft was part of a "larger conspiracy."
Authorities recovered the laptop and hard drive in late June when a person who had the equipment contacted U.S. Park Police after seeing news accounts and notices of a $50,000 reward offered by Montgomery police.
FBI officials announced last month that forensic tests on the stolen equipment gave them "a high degree of confidence" that the sensitive data had not been accessed. The Bush administration then withdrew an offer of free credit monitoring for a year to the millions of affected veterans and military personnel, a service that would have cost upward of $160 million.
Key information that led to Friday's arrests came from a phone tip received by the FBI within the previous few days, Manger said. The three are suspected in at least five other burglaries, police said, and two of them have criminal records.
Manger said yesterday that it is uncertain whether the tipster who led police to the laptop -- or anyone else -- will receive the $50,000 reward. "We want to make sure that the right people get that reward money," he said.
Despite the prior recovery of the equipment, the recent arrests were "absolutely critical," said Jim O'Neill, assistant inspector general for the VA. "If someone got their hands on that many personal identities, the result would be catastrophic if their intent was to steal their identities."
In a statement yesterday, VA Secretary Jim Nicholson called the arrests "good news" and praised investigators for "their professionalism and diligence."
The arrests brought some closure to a case that began as a simple burglary of an Aspen Hill home but grew into a major bureaucratic scandal involving fears of mass identity theft and accusations of incompetence against VA leaders.
Although the VA analyst, identified in VA documents as Wayne Johnson, notified his bosses and Montgomery police of the theft right away, Nicholson was not told of the theft until May 16. And Nicholson did not tell the public until six days later, May 22.
The ensuing scandal prompted a wave of congressional hearings that put Nicholson in the political hot seat for the department's lax security practices and led to the resignations or departures of at least five senior VA officials, including the analyst's supervisor and department head.
The data breach and the sluggish VA response enraged many veterans and active-duty military members who found themselves at heightened risk of identity theft and felt that their trust in the VA had been betrayed.
Veterans directed some of their harshest criticism at Johnson, who Nicholson and VA Inspector General George J. Opfer said took the sensitive data home to work on a project without authorization.
But Opfer also found, and Nicholson acknowledged, that top VA officials also were to blame for the theft because of the department's inadequate information security policies and practices. Johnson had taken such data home for as long as three years -- something VA officials say they might never have known had the analyst not informed police of the burglary.
Nicholson has said the department will terminate Johnson, 60, a GS-14 employee who earns $91,407 to $118,828 a year and who has worked for the VA for more than 30 years. Johnson is challenging the firing under civil service rules.
"The department is still moving forward with dismissal proceedings," said Matt Burns, a VA spokesman.
The Washington Post had previously agreed not to publish Johnson's name pending the investigations by the FBI and Montgomery police.
Johnson's telephone number had been disconnected, and he could not be reached for comment yesterday. His attorney, Jonathan Axelrod, was traveling and unavailable to comment, said Zach Axelrod, the lawyer's son.