VA deputy resigns, as list of data on stolen laptop grows longer

On Tuesday, Veterans Affairs Deputy Assistant Secretary Michael McLendon resigned his position in response to the growing storm over his apparent delay in informing top VA officials or the FBI regarding the laptop that was stolen from a VA data analyst’s home early in May. The laptop contained information – such as birth dates, Social Security numbers, and other highly personal data – for 26.5 million veterans.

“Given that this serious and tragic event occurred on my watch and in my organization, I feel it necessary that I tender my resignation,” said McLendon, in a statement to the VA last week. “I would be modeling the wrong behavior to my staff and others in the VA if I took no action to be responsible.”

McLendon’s head is not the only one to roll. The data analyst who took the computer home will also be let go. Also, Dennis Duffy the acting head of the division for which the data analyst worked has been placed on administrative leave, the AP reports.

Certain veteran’s groups this week have voiced concern that McLendon and the data analyst will be scapegoats for a situation that involved the errors of many people who should be held accountable, the AP reports.

In another development, a number of VA memos circulated after the May 3 burglary indicate that data stolen from the laptop also included some phone numbers and addresses, according to the AP reports.

Also according to the memos, among the electronic files stolen from the laptop were some diagnostic codes indicating diagnostic conditions for a few thousand World War II veterans. However, due to the type of format used to store the information, breaking into the files could prove difficult, the AP reports.

In related news, Congressional lawmakers last week grilled Veterans Affairs Secretary Jim Nicholson regarding the laptop incident.  Nicholson in his testimony largely sought to deflect responsibility for the huge security lapse that allowed for the laptop to be stolen, as well as the reported nearly three week delay it took for the FBI to be notified of the situation, the Los Angeles Times reports.

Nicholson claimed to be “mad as hell” at the data analyst who took the laptop home and equally annoyed at his deputy secretary, Gordon Mansfield, who had not told him of the breach in security for two weeks, he said.

Neither Congress nor Veteran’s groups were impressed by his response. The largest of all the groups, The Veterans of Foreign Wars, was particularly displeased with the VA’s seemingly lackluster response to the situation which basically includes a recommendation to veterans to check credit reports regularly, the Los Angeles Times reports.           

"Telling 26.5 million veterans to deal with this as individuals is a totally unacceptable response," wrote James Mueller, national commander, VFW, in an e-mailed statement. "We strongly suggest that the federal government start figuring out a way to deal with this problem computer-to-computer between the VA, national credit bureaus and other national institutions."

Doing what Mueller demands will cost tax payers big. First, there is the matter of formally notifying affected veterans by mail which could cost up to $11 million. Even greater will be the cost of preventing and covering potential identity theft and damage to credit histories and other problems which Nicholson stated could cost "way north of $100 million" and possibly as much as $500 million, the Los Angeles Times reports.

White House representatives and as well as VA officials have emphasized that thus far no records have been as yet compromised and that the FBI is making every effort to get them back.

More recently, the VA also announced plans to implement stricter security measures, including the possible encryption of sensitive data and new security guidelines for remotely accessing data within the VA system. Additionally, the VA promises to do an analysis/audit of employees with access to highly sensitive information and make a judgment as to whether that access is warranted. Moreover, employees will be required to take courses that will test their understanding of data security.

Additionally, an investigation is underway regarding the VA’s policies on security and privacy. The investigation is being coordinated by the VA Inspector General George Opfer.