A stolen laptop computer housing the personal data of 26.5 million veterans and about 2.2 million active duty personnel
has been recovered, nearly two months after it was stolen from the home of an employee from the U.S. Department of Veterans' Affairs (VA).
VA Secretary Jim Nicholson announced the find to reporters Thursday morning, before the start of another hearing of the House Veterans' Affairs Committee.
"There is reason to be optimistic," The Associated Press quoted him as saying. "It's a very positive note in this very tragic incident." He added the VA has received no reports of identity fraud since the May 3 burglary of the VA employee's home. The employee has since been fired.
While the laptop's recovery is a positive development, security professionals say the danger to veterans and active duty personnel is not over. Investigators will spend the next three to five weeks examining the laptop for evidence the data has been copied or exploited in any way.
"Finding the laptop will make people feel warm and fuzzy, but we still don't know the status of the data at this point," said Frank Kenisky, an information technical security specialist who works for the federal government. "How do we know the data hasn't been copied and sold?"
As a veteran, Mike Spinney said he takes no comfort in the laptop's recovery.
"The laptop's recovery really means nothing," said Spinney, principal of SixWeight, a strategic communications analysis and consulting firm based in Townsend, Mass. "The fact is, it's been almost two months where the data has been unaccounted for. In the digital age, it's very easy to copy data and do what you want with it. As a veteran, I still have concerns about that data being used for nefarious purposes."
The U.S. Department of Veterans Affairs confirmed in late May that records for every veteran discharged from the military since 1975 were stolen from the home of an agency employee . The VA later revealed the breach also put active duty personnel at risk for identity fraud.
Including the VA security breach, the Privacy Rights Clearinghouse (PRC) estimates that more than 88 million Americans have been put at risk for identity fraud since February 2005.
This article originally appeared on SearchSecurity.com