This incident has 0 proposed changes. Know of details that have changed? Submit them Showing Incident 289

SUMMARY

Names, Social Security numbers, and dates of birth of 26.5 million U.S. military veterans stolen
Records	26,500,000
Record Types	SSN NAA
Breach Type	Stolen Computer
Data Family	Electronic
Source	Outside
Organization	U.S. Department of Veterans Affairs
Other Affected/Involved Organizations	None
Lawsuit?	YES
Data Recovered?	NO/UNKNOWN
Arrest?	NO/UNKNOWN
Submitted By:	Anonymous

TIMELINE

Date	Event
None. Add Data	Incident Occurred
New Timeline Item For Incident Occurred Date Reference URL Spam Check: (type the code from the image)
None. Add Data	Incident Discovered By Organization
New Timeline Item For Incident Discovered By Organization Date Reference URL Spam Check: (type the code from the image)
2006-05-22	Organization Reports Incident
New Timeline Item For Organization Reports Incident Date Reference URL Spam Check: (type the code from the image)
None. Add Data	Organization Mails Notifications
New Timeline Item For Organization Mails Notifications Date Reference URL Spam Check: (type the code from the image)
None. Add Data	Records Recovered
New Timeline Item For Records Recovered Date Reference URL Spam Check: (type the code from the image)
None. Add Data	Lawsuit Filed
New Timeline Item For Lawsuit Filed Date Reference URL Spam Check: (type the code from the image)
None. Add Data	Arrest Made
New Timeline Item For Arrest Made Date Reference URL Spam Check: (type the code from the image)

SIMILAR INCIDENTS

records	date	organizations

MAP OF INCIDENT LOCATION

Address: USA
Have a better address for this incident? Suggest it!

suggest a new reference

REFERENCES

suggest a new attachment

ATTACHMENTS

KNOWN COURT CASES

IN PROGRESS

IN RE: DEPARTMENT OF VETERANS AFFAIRS (VA) DATA THEFT LITIGATION - MDL 1796

Filed On

Justia Link

Pacer Link

Court

Federal?

Case Number

Pacer Case Number

Incident

2006-11-14

Pacer Docket

Justia

District of Columbia

true

1:06-mc-00506-JR

289

Case Files

Settlement Agreement

Awards / Settlements

Award	Monetary Value	Description
Settlement to the Class	$20,000,000.00	Inclusive of costs (lawyers fees, filing fees, etc.)
	$20,000,000.00

OSF Summary

Consolidated class action lawsuit regarding the US VA's data breach in 2006.

COSTS SUMMARY

Known Actual Costs

Monetary Awards from Court Cases	$20,000,000.00
TOTAL KNOWN COSTS	$20,000,000.00

Estimated Costs

Ponemon Institute Direct Costs Estimate ¹

$1,590,000,000.00

Note that these estimates are based on the Ponemon Institute's 2009 direct costs figures from their 2009 Annual Study: Cost of a Data Breach. We multiply $60.00 by the number of records to obtain this figure. Keep in mind that depending on the breach, the direct costs are not always suffered by the breached organizations. In the case of credit card number breaches, the direct costs can often be suffered by banks and card issuers. Also note that this is only an estimate.

PRIMARY SOURCES

Primary Source ID: 631

add details to this primary source Description
This letter notifies all veterans of the theft of a laptop containing "identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings." The letter goes on to note that an investigation is underway, but that authorities doubt the laptop was stolen with knowledge of its contents. The letter then details steps veterans should take to protect against identity theft generally; there is a two-page FAQ enclosed with the one-page letter, which details how to detect/prevent identity theft, what steps the Department of Veterans' Affairs is taking to prevent future incidents, and who to contact for more information.
Filename	Source	Researcher	Incident IDs
VeteransAdmin-20060522_MERGED.PDF	New York State Consumer Protection Board	cwalsh	289
Records	File Date	Uploaded	Updated
Not yet entered	2006-05-01	2008-12-04	23 Sep 17:52
Excerpt
__.. _ V §~ :; :§: : - - ` QV _-;$\·~·9g5V· Rv ` V ’-> ·`=\ xx-V=&=x~V.V¤ "\ =E:;x ° _g\ ;. . :5;:: V g;g;:§:§§ Q;. · 1 ~: ‘~VV*:-VV +:V-:··-Vb \ x. -: -~~. . §:5é=E:§E=E=; —·...

Click here for the Full Details | Download Raw PDF

Videos

COMMENTS

by d2d [Data Loss Maven] on 2009-01-28 (about 1 year ago)

Fined $20 million for the breach.

by Anonymous on 2009-05-21 (about 1 year ago)

I follow this site on Twitter (@datalossdb). The information provided is fantastic, and as a veteran who was affected by this incident, I appreciate the quick reporting!

Incidents:

Data Types:

Sectors:

Sources:

Breach Types:

Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
Email | Fraud Se | Hack | Lost Computer
Lost Document | Lost Drive | Lost Laptop | Lost Media
Lost Tape | Missing Laptop | Snail Mail | Stolen Computer
Stolen Document | Stolen Drive | Stolen Laptop | Stolen Media
Stolen Tape | Unknown | Virus | Web