By DAVID STOUT and TOM ZELLER Jr. The New York Times
WASHINGTON, May 22 - Personal electronic information on up to 26.5 million military veterans, including their Social Security numbers and birth dates, was stolen from the residence of a Department of Veterans Affairs employee who had taken the data home without authorization, the agency said Monday.
The department said that there was no evidence any of the information had been used illegally and that whoever stole it, in a burglary of the employee's home this month, might be unaware of its nature or how to use it. The stolen data do not include any health records or financial information, the agency said.
But it was immediately clear from the sheer numbers involved, as well as the tone of the announcement and the steps taken in the aftermath of the theft, that the breach was deeply embarrassing to the agency.
"As a result of this incident, information identifiable with you was potentially exposed to others," Jim Nicholson, the secretary of veterans affairs, wrote in a letter being sent to the veterans who might be affected.
As measured by the number of people potentially affected, the data loss is exceeded only by a breach last June at CardSystems Solutions, a payment processor, in which the accounts of 40 million credit card holders were compromised in a hacking incident.
But in that breach, any exposure could be addressed by simply canceling those accounts. In the latest incident, three crucial keys to unlocking a person's financial life - name, Social Security number and date of birth - may have been set loose. Those cannot be canceled, and a clever thief can use them to begin trying to open new accounts, secure loans, buy property and otherwise wreak havoc on the victim's credit history.
...