Thursday, June 29, 2006

VA worker had OK to access data from home

USA Today
VA worker had OK to access data from home

WASHINGTON (AP) — The Veterans Affairs worker faulted for losing veterans' personal information had permission to access millions of Social Security numbers on a laptop from home, agency documents obtained by The Associated Press show.

Separately, President Bush on Wednesday asked Congress for $160.5 million for credit monitoring for millions of veterans affected by the May 3 burglary. He proposed tapping dollars set aside but not used yet for food stamps, student loans and trade assistance for farmers.

The department's documents raise questions as to whether top officials condoned a practice that led to a theft with the potential to affect 26.5 million veterans and active-duty troops.

VA Secretary Jim Nicholson and others were to testify Thursday before a House committee investigating the government's largest security breach involving Social Security numbers.

The documents show that the data analyst, whose name was being withheld, had approval as early as Sept. 5, 2002, to use special software at home that was designed to manipulate large amounts of data.

A separate agreement, dated Feb. 5, 2002, from the office of the assistant secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.

A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.

"These data are protected under the Privacy Act," one document states. The analyst is the "lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers."

The department said last month it was in the process of firing the data analyst, who is now challenging the dismissal.

VA officials have said the firing was justified because the analyst violated department procedure by taking the data home; they also said he was "grossly negligent" in handling sensitive information.

Lawmakers expressed dismay over the latest disclosure. They noted that the analyst immediately notified his supervisors after the theft from his suburban Maryland home, but supervisors delayed publicizing the crime until May 22. Nicholson was informed on May 16.

"The gross negligence in this case are the people above him," said Rep. Bob Filner, D-Calif., the acting top Democrat on the House Veterans' Affairs Committee. "They gave him express permission to take the information home. When it was stolen, he reported it right away."

"They're trying to pin it on this one guy, but I think it's other people we need to be looking at," he said.

A spokesman for the VA did not have immediate comment Wednesday.

Separately, the president asked in a letter to House Speaker Dennis Hastert, R-Ill., for the $160.5 million to help the VA cover the costs of credit monitoring and fraud watch services.

The money would be taken from programs in the departments of Agriculture, Health and Human Services, Labor, Transportation, Treasury and Veterans Affairs whose money would otherwise go unused or from programs previously set for elimination, according to Scott Milburn, spokesman for the Office of Management and Budget.

They include:

•$20 million from food stamp employment and training.

•$40 million from trade adjustment assistance for farmers.

•$6.7 million from health professions student loans.

•$49.1 million from the program, "Responsible Reintegration of Youthful Offenders."

•$9 million from "Next Generation High Speed Rail" program.

•$1.4 million from the Bureau of the Public Debt.

•$5.3 million from the Internal Revenue Service.

•$29 million from VA.

Some Democrats said money to pay for veterans' protection should not come at the expense of other programs.

"It's outrageous to first expose millions of Americans to credit fraud and identity theft and then to try to cut food stamps, student loans, and youth programs to pay for it," said Sen. Patty Murray, D-Wash. "This is a new problem that needs to be solved with new money."

Nicholson told lawmakers this week that the money would cover monitoring for about half of the 17.5 million people whose Social Security numbers were compromised. He said it also would pay for out-of-pocket expenses ranging from $10,000 to $20,000 for those whose identities are stolen.

No identity theft has been reported in connection with the computer theft.