Pryor Probes Veterans Administration about Stolen Records
Senator Mark Pryor today said the personal information of 26.5 million veterans should never have been compromised, and he urged his Senate colleagues to move ahead with his "security freeze" legislation that would protect individuals when such security breaches do occur.
During a joint hearing by the Senate's Homeland Security and Governmental Affairs Committee and the Veterans Committee, Pryor criticized the Veterans Administration (VA) for its lax security that has now led to a missing disk full of veterans' names, social security numbers and dates of birth. Pryor said he was also alarmed the VA waited three weeks before informing the public about the theft, the largest unauthorized disclosure ever of Social Security data.
Veterans affected by the security breach, primarily those discharged after 1975 and some of their spouses, can call a toll-free hotline 800-333-4636, to learn more information.
"Identity theft is a serious concern, costing consumers time and money to fix. The fact that millions of veterans are now at risk because of a government mistake makes this breach all the more troubling. It's critical the VA and law enforcement take immediate steps to mitigate any further anxiety or damage created by this incident," Pryor said.
Pryor added that while there have not been reports of identity theft resulting from the stolen disk, veterans should have a better way to protect themselves instead of having to collect credit reports and keep a careful eye on their credit in the future. He asked Senate leadership to expedite plans for the full Senate to consider S.1408, the Identity Theft Protection Act. A major component of this legislation is Pryor's "security freeze" initiative, which would allow any individual the option to place a freeze on their credit records thereby preventing businesses and potential thieves from looking at their credit files and opening up new accounts in their victim's names. If the consumer applies for credit, he or she may lift the freeze temporarily so the application can be processed. S.1408 was passed by the Commerce Committee on December 8, 2005, and has since been awaiting consideration by the full Senate.
"This latest security breach by the VA is an example of why consumers should have control over their own personal financial information, and why Congress must pass meaningful identity theft protections," Pryor said. "If these veterans had the ability to fully protect themselves with a "security freeze," we could all rest a lot easier."
Senator Pryor submitted his full opening statement into the hearing record.
Chairman Collins and Chairman Craig, Ranking Lieberman and Ranking Member Akaka, I would like to thank you for holding this very important hearing on the data breach of personal information at the Department of Veteran's Affairs.
On May 3rd, as many as 26.5 million veterans' names, birth dates, and social security numbers were stolen from the home of a Department of Veterans Affairs (VA) employee. This represents the largest unauthorized disclosure ever of Social Security data
I find it very disturbing that the personal information of this large number of American veterans has been potentially compromised. I find it even more disturbing, and frankly alarming, that the VA waited over three weeks to notify the public of this very large breach.
For years the VA Inspector General has criticized the department for its lax information security, and for years nothing has been done to fix the problem. It is incumbent on the VA, other government agencies, and the business community to do everything they can to guard that personal information from those who would use it for ill will. Clearly, this is not happening.
In 2005 alone there were 151 breach incidents affecting 57.7 million Americans. So far in 2006, there have been nearly 80 large breaches. Nationwide, 27.3 million Americans over the past five years have been victims of identity theft, costing them over $5 billion at an average of $5,686. Similarly, the cost to businesses and financial institutions has been in excess of $48 billion. In my home state of Arkansas, there was a 15% increase in identity theft cases in 2005-a record total of over 1,600 Arkansans had their identity stolen.
Since businesses and government agencies have not always acted responsibly, the Congress has a responsibility to put a stop to security breaches and ID Theft. To say this is a problem that needs to be addressed by the United States Congress is a gross understatement; it is an epidemic that must be confronted with a strong response.
Identity theft should not be a cost of doing business for American companies and American consumers should not have to constantly worry that someone will open new credit in their name. It is my hope that Congress will act swiftly. Last year I introduced S. 1336, legislation that would provide consumers with the option of placing a "security freeze" on their credit account to prevent thieves from opening new credit accounts in their victims' names. The security freeze is voluntary and different than a Fraud Alert, and consumers would have the option of thawing the freeze in advance of applying for new credit. This concept was included in legislation the Commerce Committee approved last July, S. 1408, the Identity Theft Protection Act
This latest incident should serve as a reminder to my colleagues that we need to pass meaningful identity theft legislation this year. I encourage my colleagues to support that effort, and I call on Senator Frist and Senator Reid to schedule floor time for this important legislation. American consumers cannot wait for another large breach of their information.