An FBI investigation is underway to determine the whereabouts of a lost U.S. Department of Veterans Affairs external hard drive that likely held personal information on nearly 50,000 veterans.
The VA said Friday that a government-owned, portable drive used by an employee to back up data at a VA facility in Birmingham, Ala., had gone missing and may have been stolen.
The device, which may have contained personal information on as many as 48,000 veterans and research project data, was reported missing Jan. 22. According to The Associated Press, Rep. Spencer Bachus, R-Ala., said that as many as 20,000 of the records on the device were not encrypted.
In a statement, Secretary of Veterans Affairs Jim Nicholson said the VA's Office of Inspector General is working with the FBI to conduct a thorough investigation, and the VA's Office of Information and Technology is conducting its own investigation.
"We intend to get to the bottom of this," Nicholson said, "and we will take aggressive steps to protect and assist anyone whose information may have been involved."
The VA said it intends to notify affected individuals and offered to pay for a year's worth of credit monitoring for anyone whose information is compromised.
For the VA, the incident represents the latest embarrassment in a cavalcade of failed efforts to protect its sensitive information. In a widely publicized incident last May, the VA suffered the theft of a laptop and external hard drive containing personally identifiable information on 26.5 million veterans and active-duty military personnel.
The VA laptop was found approximately a month later and law enforcement officials believe that none of the sensitive data was even accessed by the thief. However, the VA's handling of the incident and slow response led to an internal investigation that resulted in a scathing report from the department's Office of the Inspector General.
Then in August, a computer with the personal information of as many as 16,000 U.S. veterans was stolen from the office of Unisys Corp., a contractor that was conducting insurance collections for the VA. Soon after, the VA announced a plan to have all its laptop computers use encryption technology within four weeks, with desktop computers soon to follow.