The US Department for Veterans Affairs discovered the theft of 26.5 million former US soldiers’ records through office gossip, US government investigators have told Congress.
The electronic data – including names, social security numbers and dates of birth – was stolen from the home of a VA department data analyst during a burglary.
The analyst had been taking information home without permission for three years, investigators have found.
During Congress committee hearings on the scandal last week, VA inspector general George Opfer admitted: “We were never notified.” One of his staff had first heard about the burglary and possible theft of VA records at a routine meeting on 10 May. "It wasn't until we interviewed the employee on the 15th that we knew we had a significant problem," he said.
VA secretary Jim Nicholson said he was "mad as hell" that staff did not tell him about the huge data theft until 16 May. He told the Congress committee, “I can’t explain these lapses in judgment on the part of my people. Most of them are really great, hardworking people. It makes me so angry though. After the IG [Inspector General] completes his investigation, I plan to take decisive actions. I have to.”
But Larry Craig, chair of the Senate committee on veterans’ affairs asked Nicholson:, "How is it that VA’s computer system permits one person to download the records of 26 million individuals and no one is alerted?”
He added, “What is even more mind boggling is that after he revealed the facts of the theft to his supervisors, it took 13 more days for anyone else to discover the lost data was on 26 million people. Then it took two more days for the FBI to be notified.”