The public relations nightmare for the U.S. Department of Veterans Affairs (VA) worsened this week with the announcement that last month's loss of a relatively low impact hard drive loss actually affected 1.8 million people.
An employee with the Birmingham VA Medical Center reported an external drive missing late last month. When the agency’s inspector general was notified and began an investigation, the initial estimate was that the drive only contained approximately 48,000 personally identifiable records.
But an investigation has revealed that about 1.8 million records - 535,000 of which likely affect veterans and VA staff, while the other 1.3 million affect non-VA physicians.
The VA has begun notifying those affected, offering them a free year of credit monitoring.
“Our investigation into this incident continues, but I believe it is important to provide the public additional details as quickly as we can,” said Jim Nicholson, secretary of Veterans Affairs. “I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened.”
This incident is one in a string of VA IT security gaffes in the last year. Last spring a stolen laptop incident exposed the records of more than 26.5 million veterans. Pressure from the incident’s fallout led to the resignation of VA chief information security officer Pedro Cadenas in July.
Nicholson said that the agency remains committed to improving information security best practices within the VA.
“VA is unwavering in our resolve to bolster our data security measures,” he said. “We remain focused on doing everything that can be done to protect the personal information with which we are entrusted.”
Click here to email West Coast Bureau Chief Ericka Chickowski.