Found via PogoWasRight.org.
The media is reporting that the Department of Veterans Affairs has agreed to pay $20 million to settle a class action lawsuit stemming from a 2006 data security breach. In May 2006, an unencrypted laptop and hard drive containing sensitive data on 26.5 million current military personnel, veterans, and their spouses were stolen from a Veterans Affairs’ employee’s home.
The federal government continues to be plagued by bad data security practices. The latest Computer Security Report Card (pdf) released by the House Committee on Oversight and Government Reform gave the federal government a “C” for its overall computer security. The federal government has been embarrassed by a string of losses (pdf) or thefts of unencrypted computing devices, yet a July report (pdf) from the GAO that found more than 70 percent of the federal government’s mobile devices were unencrypted at the time of the review.
The Associated Press reports that the $20 million settlement will come from the U.S. Treasury and “will be used to pay veterans who can show they suffered actual harm, such as physical symptoms of emotional distress or expenses incurred for credit monitoring. […] veterans who show harm from the data theft will be able to receive payments ranging from $75 to $1,500. If any of the $20 million is left over after making payments, the remainder would be donated to veterans’ charities agreed to by the parties, such as the Fisher House Foundation Inc. and The Intrepid Fallen Heroes Fund.”