WASHINGTON (AP) – A Senate panel on Thursday approved $160 million to pay for credit monitoring for veterans, one of many expected payments as the government struggles with fallout from data breaches crossing several agencies.

Meanwhile, a House panel was cautioned that credit monitoring alone may not be enough to protect millions of veterans and nearly all active-duty military, Guard and Reserve members whose names, birth dates and Social Security numbers were taken May 3 from a Veterans Affairs employee’s home.

“The worst-case scenario is that the veteran’s file finds its way to a public distribution source, such as the Internet,” Mike Cook, a co-founder of a company specializing in data breaches, told the House Veterans Affairs Committee.

“If this happens, the stolen identities will lose their connection to the VA data breach and groups of fraudsters might actively trade that data among the fraud community,” Cook said. “More people might have access and could misuse those identities on a grander scale.”

The Senate Appropriations Committee approved the $160 million in emergency funds on a 15-13 vote; some Republicans objected because the VA has said it can use existing funds to pay for credit checks.

“I don’t think it’s acceptable to tell our veterans we lost your personal information, and by the way, we’re going to cut your health care to pay for it,” said Sen. Patty Murray, D-Wash., who sponsored the amendment to an agriculture spending bill.

On Wednesday, the VA announced it would provide free monitoring for a year, taking responsibility after the data was stolen in suburban Maryland.

so hire a contractor to do data analysis to help pinpoint identity theft; the agency, however, did not offer specifics, saying it wanted to see what bids they receive.

Noting “it’s not going to be cheap,” VA Secretary Jim Nicholson pledged not to take the money from current VA programs. So far, the department has already spent $14 million to set up a call center and notify veterans by letter, and it’s spending an additional $200,000 a day to maintain the call center.

The government moves come as several agencies in recent weeks have acknowledged similar data breaches. Late Wednesday, the Agriculture Department said a hacker broke into its computer system and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.

Like the VA, the Agriculture Department said it would offer free credit monitoring for a year to anyone who might have been affected.

During the House hearing Thursday, Cook said identity theft victims typically don’t become aware they’ve been hurt until six months after their data was stolen, when creditors come calling for money owed. At that point, it’s likely the thieves will have moved on – having made just a few purchases so they don’t attract notice – and started using another victim’s information.

As a result, a credit monitoring service would raise a red flag after it was too late, Cook said. He said data analysis technology was available to help identity theft as it occurs, particularly in the typical cases in which thieves use stolen identities to fraudulently obtain credit cards and then make purchases.

Rep. Steve Buyer, chairman of the House panel, said he believed the VA and Congress should consider additional safeguard measures – even if it means costing taxpayers more.

“The concern is, are we creating a false expectancy – that if the VA does credit monitoring, I am safe?” said Buyer, R-Ind. “I still have great fears.”

There have been no reports of identity theft so far from the VA data breach, one of the nation’s largest. But Nicholson acknowledged this week that authorities – who believe the burglars were not specifically targeting the sensitive data- are nowhere close to apprehending those responsible. The FBI also has noted that “unless the equipment is recovered, veterans will never be certain their personal information is safe.”

Earlier this month, the Health and Human Services Department discovered that personal information for nearly 17,000 Medicare beneficiaries may have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.

And the Energy Department also reported that social Security numbers and other information for nearly 1,500 people working for the National Nuclear Security Administration may have been compromised when a hacker gained entry to the department’s computer system last fall. Officials said June 12 they had learned only recently of the breach.


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.