Down After Theft
WASHINGTON -- A Veterans Affairs deputy assistant secretary who didn't immediately notify top officials about a theft of 26.5 million veterans' personal information is stepping down, citing missteps that led to the security breach.
Michael H. McLendon, deputy assistant secretary for policy who supervised the VA data analyst who lost the data, said he would relinquish his high-level post on Friday.
The data analyst also will be dismissed while the acting head of the division in which he worked, Dennis Duffy, has been placed on administrative leave, VA Secretary Jim Nicholson said Tuesday.
McLendon is the first official to depart after Nicholson pledged to hold officials accountable following the May 3 burglary, in which a laptop computer and disks were stolen from an agency analyst's home in Maryland.
"Words are inadequate to describe how I feel about these recent events and the impact on the band of brothers and sisters of service members and veterans that we are supposed to serve," McLendon wrote in a letter obtained Tuesday by The Associated Press.
"Given that this very serious and tragic event occurred on my watch and in my organization, I feel it necessary that I tender my resignation," stated the letter, which was submitted to the VA late Friday. "I would be modeling the wrong behavior to my staff and others in VA if I took no action to be responsible."
The resignation comes as the VA is under attack for a three-week delay in publicizing the burglary in what has become one of the nation's largest security breaches. During hearings last week, Nicholson said he was "mad as hell" that employees did not notify him of the May 3 burglary until May 16; the public was told on May 22.
On Tuesday, Nicholson announced that he had named Paul Hutter, the current assistant general counsel for management and operations, as interim head of VA's Office of Policy and Planning, filling Duffy's spot.
Hutter will lead the department "in light of recent, unacceptable events within VA's Office of Policy and Planning" while the Senate considers the recent nomination of Patrick W. Dunne to the post, Nicholson said.
According to congressional testimony, the VA data analyst immediately informed his supervisors _ including McLendon _ after the theft of a laptop and disks that contained veterans' birthdates, Social Security numbers and disability ratings at the data analyst's home in Aspen Hill, Md.
At the time, the data analyst took responsibility and acknowledged he had violated agency procedures by taking the information home, according to a VA briefing paper given to Congress.
McLendon informed other officials, who then told Deputy Secretary Gordon Mansfield, the agency's No. 2 official, on May 10. But no formal action was taken until the VA inspector general's office heard about the theft through office gossip on May 10 and began a separate investigation.
On Tuesday, some veterans' groups said it was appropriate that McLendon stepped down. But they expressed concern that he and the midlevel data analyst _ who has been placed on administrative leave pending the investigation _ would be made scapegoats, citing a complete communications breakdown in the agency.
"We can't be blaming this whole thing on some data analyst and his boss," said Bob Wallace, executive director of Veterans of Foreign Wars. "There are many more individuals in this chain of command that I hope would be held accountable."
The breach is second only to a hacking incident last June at CardSystems Solutions in which the accounts of 40 million credit card holders were compromised.