WASHINGTON -- Personal data on about 2.2 million active-duty military, Guard, and Reserve personnel -- not just 50,000 as initially believed -- were among those stolen from a Veterans Affairs employee last month, the government said yesterday.
Jim Nicholson, Department of Veterans Affairs secretary, said the agency was mistaken when it said over the weekend that as many as 50,000 Navy and National Guard personnel -- and no other active-duty personnel -- were affected by the May 3 burglary.
In fact, names, birth dates, and Social Security numbers of as many as 1.1 million active-duty personnel from all the armed forces -- or 80 percent of all active-duty members -- are believed to have been included, along with 430,000 members of the National Guard, and 645,000 members of the Reserves.
``VA remains committed to providing updates on this incident as new information is learned," Nicholson said in a statement, explaining that it discovered the larger numbers after the VA and Pentagon compared their electronic files closely.
His announcement came soon after the Pentagon distributed a briefing memo to Congress that said the 50,000 figure cited over the weekend was understated.
The disclosure is the latest in a series of revisions by the government as to who was affected since publicizing the burglary on May 22. At the time, the VA said the stolen data involved up to 26.5 million veterans discharged since 1975, in addition to some of their spouses.
It also came as a coalition of veterans' groups charged in a lawsuit against the federal government yesterday that their privacy rights were violated by the theft. The class-action lawsuit, filed in US District Court in Washington, is the second suit since the VA disclosed the burglary two weeks ago.
Veterans advocates immediately expressed outrage.
``The magnitude of this data breach is simply breathtaking and overwhelming," said Representative Lane Evans of Illinois, the top Democrat on the House Veterans' Affairs Committee. He called for the Government Accountability Office, Congress' investigative arm, to launch an investigation and to get a full accounting of events .
Joe Davis, a spokesman for Veterans of Foreign Wars, said the VA must come clean after three weeks of ``this debacle."
``This confirms the VFW's worst fear from day one -- that the loss of data encompasses every single person who did wear the uniform and does wear the uniform today," he said.
The VA initially assumed its data would only include veterans, but upon closer investigation it realized it had records for active-duty personnel because they are eligible to receive VA benefits such as GI Bill educational assistance and the home loan guarantee program.
The VA previously has said that veterans discharged before 1975 might also be affected if they submitted claims.
The lawsuit filed yesterday demands that the VA disclose which military personnel are affected by the data theft and seeks $1,000 in damages for each person -- up to $26.5 billion total. The veterans are also seeking a court order barring VA employees from using sensitive data until independent experts determine proper safeguards.
``VA arrogantly compounded its disregard for veterans' privacy rights by recklessly failing to make even the most rudimentary effort to safeguard this trove of the personally identifiable information from unauthorized disclosure," the complaint says.
In response , the VA said that it is in discussions with credit-monitoring services to determine ``how veterans and others potentially affected can best be served" in the aftermath of the theft, said spokesman Matt Burns.