VA agrees to pay $20M in laptop theft case

The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers.

Attorneys for the VA and the veterans filed legal papers Jan. 27 in U.S. District Court for the District of Columbia to settle the suit, and a judge must approve the terms of the settlement. The class-action lawsuit, filed in 2006, asked for $1,000 in damages for every veteran whose data was put at risk.

After the theft, the VA offered to provide credit protection for veterans whose data was on the laptop thieves stole from the Maryland home of a VA analyst. Law enforcement officials later recovered the laptop PC, and forensic investigators determined that the criminals had not accessed sensitive data, department officials said.

“We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran,” a VA spokeswoman said in a statement.

Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund, the VA said. The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government, according to Treasury's  Web site. Congress appropriates funds for the account, and for settlements such as this, agencies do not reimburse the account, the department said.

In a notice the VA prepared to be sent to veterans about the proposed settlement, the department said a veteran could receive the actual cost of out-of-pocket expenses up to $1,500 with a valid claim submission, and the minimum payment for each valid claim would be $75.

The claim would be for expenses that were the direct result of the computer theft, including the purchase of credit monitoring to protect against identity loss and medical expenses incurred that were the result of severe emotional distress, the notice said.

The computer theft and the department's delay in notifying veterans and other federal officials prompted hearings in Congress, the firing of some VA officials, and revelations by the department's inspector general of serious gaps in computer and information security. In the wake of the theft, the Office of Management and Budget issued numerous requirements for agencies to strengthen the protection and confidentiality of personally identifiable information. Those measures include encrypting sensitive data on mobile devices, conducting inventories of systems that contain personal data and implementing a breach-notification process.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

Reader comments

Thu, Aug 6, 2009 tom california

I have had credit monitoring for years, just because this has become a crazy world. The VA does a good job taking care of millions of veterans. keep up the good work.

Tue, Jun 16, 2009

This is another example of some in our society trying to profit inappropriately from nothing more than a "lottery" type of law suit. In a society where so many believe it is OK to profit as long as the law can be used to manipulste the truth for gain are acting irresponsibly. This has nothing to do with justice. It is,as so many tort actions are, motivated by greed. How can resposible, professionals allow the VA to be penalized when there are no damages. It might be justice to just compensate those who, out of fear, paid for credit protection. Did they, however, in fact, do so well informed of the true issues and risks. $20 million is an absurd amount considering the lack of any substantial damages and the fact that no information was actually lost. I was on the list and decided to not purchase identity protection or join a suit class. Was I stupid or just realistic, ethical and appropriate ? The VA needs that money. With two wars, the needs of the VA are enormous."Stealing"from the VA is disrespectful to the many military that have been fighting for all of us.

Wed, Feb 4, 2009 silver lining

There is an upside; the need for additional security measures and/or processess has been identified without an actual compromise of sensative data. If the settlement will only cover out of pocket expenses incurred by those whose data was at risk, far less than $20M will, likely, be paid out.

Tue, Feb 3, 2009 opm worker Washington DC

va worker: You say VA now has $20 million less for hiring, training, and upgrading. The article says "Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund" "The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government" "agencies do not reimburse the account"

Tue, Feb 3, 2009 vaworker

Some people rushed out and bought their own credit monitoring. Other people panicked and made themselves sick with worry. There is where the lawsuit comes in. Some veteran groups want to get whatever they can from the VA to bolster their membership by proving to veterans that "are doing stuff to help veterans". Now VA has 20 million dollars less to hire more people, train more people and upgrade their facilities, so in effect these veteran groups that sued VA just made it that much harder for VA to do its job. Security has increased dramatically around here and if Gary went to work for the VA he WOULD be impressed with the security improvements. But since he is an outsider he will continue to throw stones.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above