The Veterans Affairs Department agreed Tuesday to pay $20 million to veterans for exposing them to possible identity theft in 2006 by losing their sensitive personal information.
In court filings Tuesday, lawyers for the VA and the veterans said they had reached agreement to settle a class-action lawsuit originally filed by five veterans groups alleging invasion of privacy. The money, which will come from the U.S. Treasury, will be used to pay veterans who can show they suffered actual harm, such as physical symptoms of emotional distress or expenses incurred for credit monitoring.
U.S. District Judge James Robertson in Washington must approve the terms of the settlement before it becomes final.
"This settlement means the VA is finally accepting full responsibility for a huge problem that continues to worry millions of veterans, retirees, service members and families," said Joe Davis, spokesman for Veterans of Foreign Wars, which was not involved in the lawsuit.
VA spokesman Phil Budahn said: "We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran."
The lawsuit came after a VA data analyst in 2006 admitted that he had lost a laptop and external drive containing the names, birth dates and Social Security numbers of up to 26.5 million veterans and active-duty troops.
The laptop was later recovered intact, but a blistering report by the VA inspector general faulted both the data analyst and his supervisors for putting veterans at unreasonable risk. The data analyst had lost the information when his suburban Maryland home was burglarized on May 3, 2006, after taking the data home without permission.
The VA employee promptly notified his superiors, but due to a series of delays, veterans were not told of the theft until nearly three weeks later, on May 22. Then-VA Secretary James Nicholson later said he was "mad as hell" that he wasn't immediately told about the burglary.