U.S. lawmakers said Thursday they have learned of two more data breaches at the U.S. Department of Veterans Affairs (VA), even as the agency announced that law enforcement agencies had recovered stolen computer hardware containing the personal information of millions of U.S. military veterans.The House of Representatives Veterans Affairs Committee has learned of a May 5 incident in which a data tape disappeared from a VA facility in Indianapolis, Ind., and a 2005 incident in which a VA laptop was stored in the trunk of a car that was stolen in Minneapolis, Minn., said Rep. Steve Buyer, chairman of the committee.Also on Thursday, Pedro Cadenas Jr., the VA’s chief information security officer, submitted his resignation. Cadenas, at the VA since 2002, had also served as acting deputy chief information officer at the VA in recent months.Before the Thursday morning hearing, VA Secretary James Nicholson said law enforcement agencies had recovered a laptop and hard drive stolen from a VA analyst’s home in early May. The Federal Bureau of Investigation, after conducting forensics on the hardware, determined the personal data of 26.5 million veterans and their spouses was not accessed by the thieves, Nicholson later said. Buyer, an Indiana Republican, said he was surprised at Cadenas’ resignation, which comes on the heels of former VA CIO Robert McFarland’s resignation earlier this year. Nicholson said lawmakers should expect more resignations as he tries to overhaul the IT security practices at the agency.But the VA leadership has generally dismissed concerns raised by past CIOs and CISOs that the agency’s decentralized IT management structure hurts IT security, Buyer said. “Maybe the wrong people are leaving,” he said. However, Buyer and other committee members praised Nicholson for a plan that includes an overhaul of the agency’s IT department and a memo giving the VA CIO new authority. Nicholson’s response Thursday was a big change from the slow reaction following the data theft, Buyer said. “Mr. Secretary, you have stepped forward,” Buyer added. “You’re off your heels and on your toes.”Nicholson and other VA officials detailed the two other data breaches to the committee. The Indiana data tape contained information on more than 16,500 legal cases involving U.S. veterans, VA officials told committee members during a hearing on data security. The information could include veterans’ Social Security numbers, dates of birth and legal documents, VA officials said.In the Minnesota case, the laptop contained the personal information of 66 people, and two people later reported identity fraud problems, VA officials said.Buyer said the Indiana case concerned him because some of the facts paralleled the stolen laptop incident.Nicholson was told by assistants of the stolen laptop nearly two weeks after it happened, and he was told about the May 5 data tape incident on May 23 or 24, he said.Buyer and Rep. Bob Filner, a California Democrat, both questioned Nicholson’s decision to attempt to fire the analyst whose house was broken into. Filner brought documents to the committee showing the analyst had authorization to use VA software at home and to take laptops home. The analyst is facing a hearing to determine if the VA can fire him. Filner questioned Nicholson’s statements suggesting the analyst was guilty of gross negligence. “It seems to me that the gross negligence is in the policies,” he said.— Grant Gross, IDG News Service (Washington Bureau)For more information, read Data Theft at the VA. (CSOonline.com)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content BrandPost Retail innovation playbook: Fast, economical transformation on Microsoft Cloud For retailers, tight integration of data and systems is the antidote to a challenging economy. By Tata Consultancy Services Mar 24, 2023 3 mins Retail Industry Digital Transformation BrandPost How retailers are empowering business transformation with TCS and Microsoft Cloud AI-powered omnichannel integration and a strong, secure digital core lets retailers innovate across four primary areas while staying compliant, maintaining security and preventing fraud. By Tata Consultancy Services Mar 24, 2023 4 mins Retail Industry Cloud Computing BrandPost How to Build ROI from Cloud Migration This whitepaper and webcast can help you calculate the ROI and create a business case for modernizing your legacy applications to the Microsoft Cloud. By Tata Consultancy Services Mar 24, 2023 1 min Retail Industry Cloud Computing BrandPost How to power a sustainable enterprise on Microsoft Cloud In this eBook, we’ll follow the journey of Amal Skye, a fictitious woman who is committed to living in a way that preserves the planet for the future —and how businesses like Tata Consultancy Services and Microsoft are making that possi By Tata Consultancy Services Mar 24, 2023 1 min Retail Industry Green IT Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe