VA agrees to pay $20M in laptop theft case

The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers.

Attorneys for the VA and the veterans filed legal papers Jan. 27 in U.S. District Court for the District of Columbia to settle the suit, and a judge must approve the terms of the settlement. The class-action lawsuit, filed in 2006, asked for $1,000 in damages for every veteran whose data was put at risk.

After the theft, the VA offered to provide credit protection for veterans whose data was on the laptop thieves stole from the Maryland home of a VA analyst. Law enforcement officials later recovered the laptop PC, and forensic investigators determined that the criminals had not accessed sensitive data, department officials said.

“We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran,” a VA spokeswoman said in a statement.

Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund, the VA said. The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government, according to Treasury's  Web site. Congress appropriates funds for the account, and for settlements such as this, agencies do not reimburse the account, the department said.

In a notice the VA prepared to be sent to veterans about the proposed settlement, the department said a veteran could receive the actual cost of out-of-pocket expenses up to $1,500 with a valid claim submission, and the minimum payment for each valid claim would be $75.

The claim would be for expenses that were the direct result of the computer theft, including the purchase of credit monitoring to protect against identity loss and medical expenses incurred that were the result of severe emotional distress, the notice said.

The computer theft and the department's delay in notifying veterans and other federal officials prompted hearings in Congress, the firing of some VA officials, and revelations by the department's inspector general of serious gaps in computer and information security. In the wake of the theft, the Office of Management and Budget issued numerous requirements for agencies to strengthen the protection and confidentiality of personally identifiable information. Those measures include encrypting sensitive data on mobile devices, conducting inventories of systems that contain personal data and implementing a breach-notification process.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Thu, Aug 6, 2009 tom california

I have had credit monitoring for years, just because this has become a crazy world. The VA does a good job taking care of millions of veterans. keep up the good work.

Tue, Jun 16, 2009

This is another example of some in our society trying to profit inappropriately from nothing more than a "lottery" type of law suit. In a society where so many believe it is OK to profit as long as the law can be used to manipulste the truth for gain are acting irresponsibly. This has nothing to do with justice. It is,as so many tort actions are, motivated by greed. How can resposible, professionals allow the VA to be penalized when there are no damages. It might be justice to just compensate those who, out of fear, paid for credit protection. Did they, however, in fact, do so well informed of the true issues and risks. $20 million is an absurd amount considering the lack of any substantial damages and the fact that no information was actually lost. I was on the list and decided to not purchase identity protection or join a suit class. Was I stupid or just realistic, ethical and appropriate ? The VA needs that money. With two wars, the needs of the VA are enormous."Stealing"from the VA is disrespectful to the many military that have been fighting for all of us.

Wed, Feb 4, 2009 silver lining

There is an upside; the need for additional security measures and/or processess has been identified without an actual compromise of sensative data. If the settlement will only cover out of pocket expenses incurred by those whose data was at risk, far less than $20M will, likely, be paid out.

Tue, Feb 3, 2009 opm worker Washington DC

va worker: You say VA now has $20 million less for hiring, training, and upgrading. The article says "Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund" "The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government" "agencies do not reimburse the account"

Tue, Feb 3, 2009 vaworker

Some people rushed out and bought their own credit monitoring. Other people panicked and made themselves sick with worry. There is where the lawsuit comes in. Some veteran groups want to get whatever they can from the VA to bolster their membership by proving to veterans that "are doing stuff to help veterans". Now VA has 20 million dollars less to hire more people, train more people and upgrade their facilities, so in effect these veteran groups that sued VA just made it that much harder for VA to do its job. Security has increased dramatically around here and if Gary went to work for the VA he WOULD be impressed with the security improvements. But since he is an outsider he will continue to throw stones.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group