Who Pays for the VA’s Data Debacle?

The VA wants veterans to pay, again.

The Department of Veterans’ Affairs (VA) data heist of 2006 has been headline news for over a month. The VA has a solution. But, that solution is estimated to cost $100-500 million and the VA plans to pay with existing funds they will raid from veterans’ healthcare and benefits programs. The VA has not asked for any additional funding and Republican lawmakers aren’t offering any. But, legislation has been forwarded by Senators Murray and Byrd to give the VA an additional $160 million. Can it get past a belligerent majority who wants the VA to pay out-of-pocket?

In May we learned that the names, dates-of-birth and Social Security numbers of 26.5 million veterans were being stored on a laptop computer used by a VA data analyst. The data analyst took the laptop home and it was solen during a burglary.

As the VA slowly trickled out information about the theft, we discovered that the laptop also contained personal information about spouses and dependent children of veterans receiving disability compensation. Along with this were the addresses and phone numbers of many disabled veterans. Then, the VA admitted there was specific information about a veteran’s disability including medical diagnostic codes.

And, just when we thought it couldn’t get any worse, the VA announced that personal information of virtually all active-duty military personnel was also stored on the laptop, or on an external hard drive that was also stolen.

Although the laptop was password-protected, that can be thwarted in a few minutes. The data was not encrypted, making it easy for anyone with some basic computer knowledge to access the files.

The VA scrambled to assess blame for this gigantic data breach. The data analyst, a GS-14 career-track VA employee, was fired. (The employee has challenged the firing.) His immediate supervisor, a Republican political appointee named Michael McLendon, resigned. McLendon was the Deputy Assistant Secretary for Policy and had full knowledge that the data analyst was taking home personal information, a direct violation of VA policy and procedure.  

There are many unanswered questions. What was the data analyst doing with all that information? What was his assignment from McLendon? Did the analyst really have permission to take the data out of the VA? The VA isn’t talking, but Capitol Hill insiders close to the situation say it was analysis work designed to save the VA billions of dollars. No one will say he was directly working on ways to cut veterans’ benefits but all indications are that was the case.

Ironically, the person responsible for this loss remains anonymous. His name is known to every member of the press corps, but no one will print it because his privacy is protected. 

So, where do over 26 million veterans and active-duty military personnel stand today? The VA has sent out a letter explaining the data theft. In the letter they “apologize for any inconvenience” and provide a list of toll-free numbers and web sites that, basically, tell veterans what they already know.

At this point, the veterans service organizations were about to make a formal declaration of war against the VA. There had been lots of talk, but no action to help those who were at risk for identity theft.

Enter Congress. Every politician in need of face-time has been holding, or attending, a hearing. Results? Lots of finger-pointing but little action. Finally, Members of Congress started offering legislation. Amendments were proposed to give all those on the stolen data list free credit monitoring for periods ranging from six months to a year. But, still no word from the VA on what they were actually going to do.

On Tuesday, June 20, Senator Larry Craig (R-ID), Chairman of the Senate Committee on Veterans’ Affairs, along with two other Senators, offered up an amendment he felt would solve the problem. Craig said of his amendment, "Our veterans and servicemembers trust the federal government with their personal information - and we should honor their trust by passing this fair, just and common sense piece of legislation immediately."

There was a problem. It wasn’t fair or just and common sense didn’t enter into the picture. From Senator Craig’s press release announcing the amendment: “The amendment gives the Secretary of Veterans Affairs the option to provide the credit services at a discounted low fixed price for veterans…”  Craig’s legislation would have veterans paying for their own credit monitoring if the VA Secretary so declared. What a great way to save money!

Senator Craig’s office was hammered by phone calls from angry veterans and work was begun to rewrite the amendment. However, the original wording of the amendment set the tone for what was to come.

The next day, Wednesday, June 21, the VA made the announcement all veterans were waiting to hear. The VA would provide free credit monitoring for one year. There would be no cost to anyone on the list of names on the stolen laptop. The VA is now soliciting bids from companies who wish to provide the service. Veterans will be notified of the “opt-in” credit monitoring program by mid-August.

Back on Capitol Hill, Senator Craig’s amendment had been rewritten to make it plain that veterans would not have to pay for the credit monitoring service. Craig made that clear by stating, “But it won’t be free to taxpayers. It will cost millions of dollars to continue this effort.” Craig’s press release-of-the-day stated:  “…the final cost will be paid for in-full by the federal government and not by individual veterans.”

But, is that really true? Not if you read Senator Craig’s amendment. Craig has offered no funding to pay for the credit monitoring. So, the Craig amendment is nothing more than an unfunded mandate. The VA would be directed to provide a year of free credit monitoring but given no funds to carry out the program.

Senator Craig is not known as a free-spender when it comes to the VA. Earlier this year, speaking on the Senate floor, Craig fought emergency funding for the VA by stating that the agency had too much money. In opposing more VA funding Craig said, “It means that over $600 million they [VA] thought they would spend they are now not spending…This money, if it were allocated, will not get spent.” Craig never documented his claim that the VA had money it wasn’t spending. And, the concept seems unbelievable given the number of veterans waiting months and even years for necessary healthcare.

Where will the money for the credit monitoring come from? As of now, the VA has spent more than $14 million to run a call center and do a mass mailing. That meter is running to the tune of over $200,000 a day. VA Secretary Jim Nicholson told Congress that the...