FOR IMMEDIATE RELEASE: June 21, 2006
Schumer Reveals At Least 350,000 Upstate NY Vets’ Info Stolen During VA Data Theft – Unveils New Plan For All Government Agencies To Keep Personal Data Secure
In Light of VA Data Theft and Security Breaches at Depts. of Energy and Health and Human Services, Schumer Announces New Legislation Mandating New Security Standards for Federal Agencies and Tougher Penalties for Stealing Personal Information from Government Databases Schumer: We Can't Ask the Private Sector to Put Safeguards in Place While Our Own Government is Asleep at the Switch An
On the heels of new identity theft breaches at the Department of Veterans Affairs and other federal agencies, U.S. Senator Charles E. Schumer unveiled a new report showing at least 350,000 Upstate New York veterans could have had their most sensitive information, including their social security numbers, stolen when a laptop was taken from a Department of Veterans Affairs’ employee’s home. In response to this significant data breach and many others reported in the federal government, Schumer, who authored comprehensive identity theft legislation last year, announced new measures to crack down on ID theft and protect sensitive personal information held in government databases.
“We can't ask the private sector to put safeguards in place while our own government is asleep at the switch,” Schumer said. “Our veterans have already sacrificed so much for this country, they shouldn’t have to put their financial well-being on the line too. Our legislation will close a gaping loophole in the law by focusing on protecting federal databases and punishing the hackers and thieves who try to steal this very sensitive information for financial gain. The bottom line is, what bank robbery was to the Depression Era, ID theft is to the Information Age.”
On May 22, the Department of Veterans Affairs announced that the personal information, including names, dates of birth, social security numbers, and in some cases, spousal information, of more than 26.5 million active and former military personnel stored on a Department laptop was stolen from the home of a VA employee three weeks earlier. The employee was not authorized to take the laptop containing the information on it home.
According to the Department of Veterans affairs, 26.5 million identities were stolen from the laptop including, 1.1 million active duty personnel, 430,000 National Guard members, and 645,000 Reservists. The remaining 24.3 identities were veterans. The data breach potentially affects all veterans who were discharged after 1975 when the VA began automating it records and veterans who ever filed a claim for VA disability compensation, pension, or education benefits, or who have (or had) a VA insurance policy, whether their claim was denied or not.
Schumer today released a new report estimating the number of Upstate New York veterans who were affected by the data breach. Schumer used population and duration of service data from the Department of Veterans Affairs to estimate those who were discharged after 1975 or filed a disability claim after the Vietnam War.
Of the 652,138 veterans currently living in upstate New York, Schumer estimated that at least 352,000 of them could have had their most sensitive information stolen. Schumer acknowledged that this was a conservative estimate because the VA has not confirmed how far back the records go prior to the Vietnam Era. Specifically:
Of the 84,849 veterans living in the Capital Region, an estimated 45,875 veterans’ information was stolen during the VA data theft. In 2005, there were 918 ID theft complaints reported to the FTC.
Of the 75,591 veterans living in Central New York, an estimated 40,870 veterans’ information was stolen during the VA data theft. In 2005, there were 844 ID theft complaints reported to the FTC.
Of the 93,332 veterans living in the Rochester -- Finger Lakes Region, an estimated 50,462 veterans’ information was stolen during the VA data theft. In 2005, there were 1,133 ID theft complaints reported to the FTC.
Of the 156,026 veterans living in the Hudson Valley, an estimated 84,631 veterans’ information was stolen during the VA data theft. In 2005, there were 2,145 ID theft complaints reported to the FTC.
Of the 52,233 veterans living in the North Country, an estimated 28,242 veterans’ information was stolen during the VA data theft. In 2005, there were 507 ID theft complaints reported to the FTC.
Of the 59,414 veterans living in the Southern Tier, an estimated 32,125 veterans’ information was stolen during the VA data theft. In 2005, there were 587 ID theft complaints reported to the FTC.
Of the 130,693 veterans living in Western New York, an estimated 70,664 veterans’ information was stolen during the VA data theft. In 2005, there were 1,365 ID theft complaints reported to the FTC.
Schumer said that federal data security breaches and potential ID theft is not limited to the Department of Veterans Affairs. More than a month ago, The Centers for Medicare and Medicaid Services acknowledged that more than 17,000 seniors were put at risk when an employee for Humana Inc., a health plan that provides benefits to Medicare recipients, left individuals’ names and social security numbers on a public computer in a hotel. Last month, the Department of Energy finally acknowledged that information of at least 1,500 Department of Energy employees was stolen by a hacker eight months earlier. Employees were given no notification that their information had been stolen until an Energy Department administrator admitted the theft before a congressional committee.
In addition, The Farm Service Agency (FSA) of the Dept. of Agriculture announced on Feb. 15, 2006, that a contractor had inadvertently released the social security numbers and tax identification numbers of 350,000 participants in a tobacco buyout program.
In response to these and many other data breaches within the Federal government, Schumer announced a three-point plan to crack down on ID theft and protect millions of American’s information stored in federal databases.
Schumer today announced he is offering an amendment with Senator Dianne Feinstein (D-CA) to the Department of Defense Authorization bill that requires Federal agencies and their contractors notify individuals when there has been a security breach which has resulted, or could result, in their personal data being compromised. All notices must include: (1) a description of the type of personal data which has been, or could have been, compromised; (2) a toll-free telephone number for individuals to call to learn what type of personal data has been, or could have been, compromised and whether or not that individual's data may be at risk; and (3) toll-free telephone numbers and addresses for the major credit reporting agencies.
Schumer is cosponsoring the Data Theft Prevention Act of 2006 (S. 3506), introduced by Senator Daniel Akaka (D-HI). This bill prohibits unauthorized removal or use of sensitive, personal data contained in a Federal government database. It establishes federal penalties for anyone who knowingly and without authorization views, uses, downloads, removes, or transfers to another computer, network, database, or other format, any sensitive, personally identifiable information, including health information, that is in a Federal government database. This bill would also establish federal penalties for any person who uses such information in furtherance of a violation of any Federal or State criminal law. The penalty for violating these prohibitions is up to $100,000 fine and/or one year imprisonment.
Finally, Schumer is calling on the Government Accountability Office (GAO) to conduct an in-depth inquiry into the causes of the data breach at the VA, the adequacy of the VA’s response, and the impact to veterans and the military community at large. Specifically, the GAO would provide a full and complete assessment of the security breach, the affected personnel, and review the impact of the delay by VA officials to analyze the contents of the stolen data. In addition, the GAO would evaluate the VA’s response, its efforts to strengthen personal information security management, and the overall impact of the data theft on the veteran, active, guard and reserve community, and the efforts undertaken by VA to ensure that the stolen personal information is not misused.
Last year, Schumer introduced the Comprehensive Identity Theft Prevention Act (S. 768), which would regulate the data broker industry and create an Office of Identity Theft in the Federal Trade Commission to assist consumers. Schumer’s bill would also protect sensitive data maintained by governmental agencies by: (1) prohibiting the display of social security account numbers on government employment identification cards and tags; (2) prohibiting state and federal prisoners’ access to social security account numbers in employment; and (3) mandating the Federal Trade Commission to study the use and publication of social security numbers by Federal, State, and local governments, and to make recommendations to modify those practices in order to reduce identity theft.