The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
32°F
Current Conditions
Mist
View complete weather report

Color Scheme

Subscribe now

VA info will be difficult to access

Christopher Lee Washington Post

WASHINGTON – The sensitive personal information of 26.5 million veterans that was stolen from a Department of Veterans Affairs data analyst last month was stored in a format that could make it difficult for thieves to use, according to an internal VA memo.

In the May 5 memo, VA privacy officer Mark Whitney wrote that the critical data “may not be easily accessible” because most of it – including names, birth dates and Social Security numbers – was stored in a specialized format known as SAS (statistical analysis system) that is used for data manipulation and statistical analysis.

The format “requires specialized application software and training to write SAS code to access and manipulate the data for use,” Whitney wrote in the memo, obtained Wednesday by the Washington Post. “To effectively use the data in the SAS format, the thief would have to be trained in the use of SAS application software to include access to the software package which is expensive and be trained in writing SAS code.”

Ari Schwartz, deputy director of the nonprofit Center for Democracy and Technology, a privacy group, said Whitney is generally right that the information would be hard to extract. It would be easier, however, if the laptop stolen along with an external hard drive and several data disks has the SAS software needed to view the data, he said.

The Whitney memo, dated two days after the burglary at the analyst’s Aspen Hill, Md., home and distributed to several high-ranking VA officials, provides the first public indication that some addresses and telephone numbers were among the stolen data. Also stolen was an electronic spreadsheet with 6,744 records about “mustard gas veterans” – generally, veterans who took part in chemical warfare tests during World War II. Another stolen file contains as many as 10 diagnostic codes from the treatment file of one veteran who visited the VA health care system on 57 dates.

Matthew Burns, a VA spokesman, said the department has been “focused on getting notification to veterans that some of the most sensitive data was out there.”

Also Wednesday, VA Secretary Jim Nicholson announced that he had named Richard Romley, a former prosecutor from Maricopa County, Ariz., as his new special adviser for information security. Romley, a Marine Corps veteran, will evaluate the department’s computer security procedures and recommend improvements.

The move follows the resignation last week of Michael McLendon, a VA deputy assistant secretary who learned of the May 3 burglary within hours of the crime but did not immediately tell top-ranked officials. Nicholson announced Tuesday that the employee will be fired and that Dennis M. Duffy, who has been acting assistant secretary for policy and planning, had been placed on administrative leave. The employee worked in McLendon’s office, and Duffy was in charge of the division in which both worked.