VA agrees to pay $20M in laptop theft case

The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers.

Attorneys for the VA and the veterans filed legal papers Jan. 27 in U.S. District Court for the District of Columbia to settle the suit, and a judge must approve the terms of the settlement. The class-action lawsuit, filed in 2006, asked for $1,000 in damages for every veteran whose data was put at risk.

After the theft, the VA offered to provide credit protection for veterans whose data was on the laptop thieves stole from the Maryland home of a VA analyst. Law enforcement officials later recovered the laptop PC, and forensic investigators determined that the criminals had not accessed sensitive data, department officials said.

“We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran,” a VA spokeswoman said in a statement.

Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund, the VA said. The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government, according to Treasury's  Web site. Congress appropriates funds for the account, and for settlements such as this, agencies do not reimburse the account, the department said.

In a notice the VA prepared to be sent to veterans about the proposed settlement, the department said a veteran could receive the actual cost of out-of-pocket expenses up to $1,500 with a valid claim submission, and the minimum payment for each valid claim would be $75.

The claim would be for expenses that were the direct result of the computer theft, including the purchase of credit monitoring to protect against identity loss and medical expenses incurred that were the result of severe emotional distress, the notice said.

The computer theft and the department's delay in notifying veterans and other federal officials prompted hearings in Congress, the firing of some VA officials, and revelations by the department's inspector general of serious gaps in computer and information security. In the wake of the theft, the Office of Management and Budget issued numerous requirements for agencies to strengthen the protection and confidentiality of personally identifiable information. Those measures include encrypting sensitive data on mobile devices, conducting inventories of systems that contain personal data and implementing a breach-notification process.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.