VA agrees to pay $20M in laptop theft case
The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers.
Attorneys for the VA and the veterans filed legal papers Jan. 27 in U.S. District Court for the District of Columbia to settle the suit, and a judge must approve the terms of the settlement. The class-action lawsuit, filed in 2006, asked for $1,000 in damages for every veteran whose data was put at risk.
After the theft, the VA offered to provide credit protection for veterans whose data was on the laptop thieves stole from the Maryland home of a VA analyst. Law enforcement officials later recovered the laptop PC, and forensic investigators determined that the criminals had not accessed sensitive data, department officials said.
“We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran,” a VA spokeswoman said in a statement.
Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund, the VA said. The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government, according to Treasury's Web site. Congress appropriates funds for the account, and for settlements such as this, agencies do not reimburse the account, the department said.
In a notice the VA prepared to be sent to veterans about the proposed settlement, the department said a veteran could receive the actual cost of out-of-pocket expenses up to $1,500 with a valid claim submission, and the minimum payment for each valid claim would be $75.
The claim would be for expenses that were the direct result of the computer theft, including the purchase of credit monitoring to protect against identity loss and medical expenses incurred that were the result of severe emotional distress, the notice said.
The computer theft and the department's delay in notifying veterans and other federal officials prompted hearings in Congress, the firing of some VA officials, and revelations by the department's inspector general of serious gaps in computer and information security. In the wake of the theft, the Office of Management and Budget issued numerous requirements for agencies to strengthen the protection and confidentiality of personally identifiable information. Those measures include encrypting sensitive data on mobile devices, conducting inventories of systems that contain personal data and implementing a breach-notification process.
Mary Mosquera is a reporter for Federal Computer Week.