Veterans Health Administration Data Breach (2015)

This comes after a News 3 investigation into an instance in April when hundreds of Social Security numbers belonging to Wisconsin veterans were emailed to a random citizen from a federal VA.gov email address. Federal privacy laws and multiple VA regulations require all emails with personally identifiable information to be password-protected. Current VA software flags emails with 9-digit numbers separated by dashes, but not for 9-digit sequences that don't have dashes. In the U.S. military, since Vietnam, veterans' file numbers -- their identification numbers -- have been their Social Security numbers without dashes to separate the numbers. "The VA Inspector General needs to investigate whether the VA system and process effectively safeguards our veterans' personal information," wrote Baldwin in a statement emailed to News 3. "The accidental and unintended disclosure of personal information can put our veterans and their families at risk for fraud and identity theft, so we need to make certain that the VA has the tools in place to prevent that from happening." Earlier this spring, after the incident, Baldwin's office asked the VA Inspector General questions about the incident and was told the privacy breach sent by a Wisconsin Department of Veterans Affairs employee was a state issue and not a federal one. However, News 3 tested that premise, by asking six people located around the state of Wisconsin with VA.gov email addresses to send emails from that account to their personal or work email addresses including the words "Social Security Number" and a "123456789" sequence. When it was sent without dashes, each time, the email went through unabated. When the dashes were included, the sender received a "Message Blocked" message from the VA.gov server that included a directive to either "remove the SSN or encrypt the email" if they wanted it to go through. In her letter to the VA's Inspector General calling for the investigation, co-signed by Sen. Richard Blumenthal (D-Connecticut), who is the ranking Democratic member on the Senate Committee on Veterans' Affairs, Baldwin wrote, "While (the April incident) occurred in Wisconsin, we believe the issue is one of national importance and request you conduct a system-wide review of the Department's practice."