• United States



by Dave Gradijan

VA Official Resigns Due to Data Theft

May 31, 20063 mins
CSO and CISOData and Information Security

Michael H. McLendon, the Department of Veterans Affairs (VA) deputy assistant secretary for policy who did not immediately notify top department representatives of the May 3 theft of sensitive personal information on 26.5 million U.S. veterans, has decided to resign, the Associated Press reports via

McLendon, who supervised the data analyst who took home the sensitive data without the appropriate approval, said on Tuesday that he will step down at the end of the week, according to the AP. He is the first high-level department member to leave since VA Secretary Jim Nicholson said he would hold the appropriate people responsible for the lost data, which was stolen from the analyst’s suburban Maryland residence, the AP reports.

The following is from a letter McLendon wrote to the VA last Friday, which was obtained by the AP:

“Words are inadequate to describe how I feel about these recent events and the impact on the band of brothers and sisters of service members and veterans that we are supposed to serve.

“Given that this very serious and tragic event occurred on my watch and in my organization, I feel it necessary that I tender my resignation. I would be modeling the wrong behavior to my staff and others in VA if I took no action to be responsible.”

The VA did not immediately respond to the AP’s request for comment.

McLendon is stepping down as his department comes under fire from critics and lawmakers alike, for its nearly three-week delay in notifying the public of the early May data theft. VA Secretary Nicholson was not notified of the breach until May 16, according to the AP, though McLendon did alert other officials, who then passed the news on to the department’s number-two leader, Deputy Secretary Gordon Mansfield, a week after the security breach on May 10.

The VA inspector general’s office heard the news via office gossip that same day, and it initiated the department’s first formal action to address the theft, the AP reports. It was not until May 22 that the public was notified.

The breach is the nation’s second largest ever, behind the June 2005 data breach at CardSystems Solutions, in which personal information on some 40 million people with credit cards was compromised, according to the AP.

For related news coverage, read VA Data Theft Could Cost Taxpayers $500M, Gov’t Source: Vet Data Theft Kept Quiet for Nearly 3 Weeks, and Data on 26.5M Veterans Stolen from VA Staffer’s Home.

Keep checking in at our CSO Security Feed page for updated news coverage.

-Compiled by Al Sacco