VA agrees to pay $20M in laptop theft case

The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers.

Attorneys for the VA and the veterans filed legal papers Jan. 27 in U.S. District Court for the District of Columbia to settle the suit, and a judge must approve the terms of the settlement. The class-action lawsuit, filed in 2006, asked for $1,000 in damages for every veteran whose data was put at risk.

After the theft, the VA offered to provide credit protection for veterans whose data was on the laptop thieves stole from the Maryland home of a VA analyst. Law enforcement officials later recovered the laptop PC, and forensic investigators determined that the criminals had not accessed sensitive data, department officials said.

“We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran,” a VA spokeswoman said in a statement.

Taxpayers ultimately would pay for the $20 million proposed settlement through the Treasury Department’s Judgment Fund, the VA said. The fund is available for court judgments and the Justice Department's settlements of actual or imminent lawsuits against the government, according to Treasury's  Web site. Congress appropriates funds for the account, and for settlements such as this, agencies do not reimburse the account, the department said.

In a notice the VA prepared to be sent to veterans about the proposed settlement, the department said a veteran could receive the actual cost of out-of-pocket expenses up to $1,500 with a valid claim submission, and the minimum payment for each valid claim would be $75.

The claim would be for expenses that were the direct result of the computer theft, including the purchase of credit monitoring to protect against identity loss and medical expenses incurred that were the result of severe emotional distress, the notice said.

The computer theft and the department's delay in notifying veterans and other federal officials prompted hearings in Congress, the firing of some VA officials, and revelations by the department's inspector general of serious gaps in computer and information security. In the wake of the theft, the Office of Management and Budget issued numerous requirements for agencies to strengthen the protection and confidentiality of personally identifiable information. Those measures include encrypting sensitive data on mobile devices, conducting inventories of systems that contain personal data and implementing a breach-notification process.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.