The private information of between 10,000 to 20,000 "certain National Guard and Reserve personnel who are on at least their second federalized active duty call-up could potentially be included," according to a statement from the U.S. Department of Veterans Affairs, which added that the department has also hired forensic experts.
A computer containing the data was stolen from the Aspen Hill, Va., home of a VA employee on May 3. The VA and the FBI have launched an investigation into the incident.
The personal data of between 25,000 and 30,000 active-duty Navy personnel may also have been affected by the breach, specifically members who completed their first enlistment term prior to 1991.
"I have made it clear since learning of this incident that, as soon as VA learns any new information, the department has a duty to immediately inform those personally affected," said VA Secretary R. James Nicholson in a statement released on Saturday. "VA continues to conduct a complete and thorough investigation into this incident, and those efforts are providing additional details about the nature of the data that may be involved."
A personnel shake-up at the department followed the incident, with one deputy assistant secretary resigning and an acting assistant secretary being placed on administrative leave. Days earlier, Nicholson told members of Congress that he was "mad as hell" that he wasn’t notified of the breach earlier.
The Federal Trade Commission (FTC) has warned veterans to be on the lookout for email-based scams taking advantage of the breach.
The agency told affected veterans to keep a tight grip on Social Security and credit card numbers, as well as passwords and other sensitive personal information.
Phishers would send emails to veterans pretending to be from a well-known company, asking recipients to verify personal information. Email users would then be sent to a malicious, but realistic looking, website.
The FTC gave affected veterans the following advice:
- Veterans should not give out personal information by phone, mail or email.
- Veterans should not click on links in unsolicited emails.
- VA and other government agencies do not contact people by email or telephone about personal information.
The FTC also made a list of tips for avoiding phishing available on its website.
More information is available on the Department of Veterans Affairs Web site, http://www.va.gov, or on http://www.firstgov.gov under "Veterans Information." Information also is available by phone from 8 a.m. to 9 p.m. EDT Monday through Saturday by calling 1-800-FED-INFO (800-333-4636).