It is perhaps the largest theft of Social Security numbers to date. And the victims, who once put their lives on the line for their country, appear to be getting even less compensation than most victims of data theft.
On Monday, the Veterans Administration announced that an employee had taken home data on 26.5 million veterans, and that data was stolen. It's a staggering amount, dwarfing other recent high-profile incidents at major U.S. firms like Citibank, ChoicePoint, and Bank of America. And yet, the support offered to victims by the VA is dwarfed by the support corporate America has offered in similar situations.
It's become standard practice for data leakers to offer free credit monitoring to victims, so they are able to watch their credit reports daily for signs of misuse. The services are available from the credit bureaus, and cost about $10 a month. Corporations that leak data and foot the bill usually get big discounts.
So far, the vets haven't been offered credit monitoring. Instead, the VA is reminding victims that they are entitled to a free copy of their credit report every year, and then basically wishing them good luck.
That's insufficient. For starters, vets who've already gotten their one free peek at credit bureau data this year cannot get a free report at AnnualCreditReport.com – they have to go through more complicated steps, and might end up paying for it.
Meanwhile, a single peek at their credit report today would probably reveal very little. Fraudulent accounts can take weeks or months to appear, meaning it would be better to take that one peek in a month or two. But even that's a tepid step at best to spy signs of identity theft after a data leak like this.
The only way to know something bad is happening to your credit is to look at it repeatedly, at about the same frequency that you look at your checking account statement. It's hardly a perfect solution and doesn't catch every instance of ID theft, but it's a solid start. Credit monitoring services give consumers that kind of access. ChoicePoint, LexisNexus, and nearly all other commercial entities that have lost data have offered credit monitoring to victims for 3, 6, even 12 months.
The VA should do the same. Anything less is neglectful.
There is hope the veterans' data was stolen by a burglar who simply wanted the hardware, according to the VA. In the best case scenario, the data has already been erased and the hardware pawned at a small shop. But assuming that best case is a bit naive, at a time when virtually every petty thief knows the data on a computer is often far more valuable that a computer itself.
Offering 26 million people a service that retails for $10 a month would obviously be a costly expense for the VA, and might eat into funding for other essential programs. That's where it's time for the VA, the Federal Trade Commission, and the credit bureaus to get creative. Hopefully, this incident will serve as a chance to re-examine the entire issue of consumer access to credit reports. Consumers should never have to pay the credit bureaus to see if they are victims of identity theft. Certainly, veterans shouldn't have to. And most certainly, veterans who know their Social Security numbers have been stolen shouldn't have to.
For now, veterans who want more information are being told to call 1-800-FED-INFO. Much more information is available at the FirstGov.Gov Web site. There's also detailed instructions on how to place a temporary fraud alert on credit reports at the Federal Trade Commission's Web site.