A Veterans Benefit Administration office in Boston sent 6,299 benefit summary letters to the wrong addresses in August, more than half of them containing complete social security numbers.

Of the letters, 3,936 contained all nine digits of someone else's social security number, and 2,386 contained the VBA claim number of veterans based in the state. That's according to an update on data breaches the VA sends to Congress each month. The report blames the incident on a programming error.

The contractor handling the mailings, Performance Analysis & Integrity, merged veteran data with old addresses, the report states. What's more, when the letters were folded into envelopes, the names of some veterans were not visible through the plastic window--increasing the likelihood that incorrectly mailed letters were opened.

"Realistically you would think that they were not actually opened, by the recipient that received them incorrectly. But we have no way of knowing, and so the right approach is to provide notification and credit monitoring to any of those veterans that would like it," said VA CIO Roger Baker during an Oct. 14 press call.

Since the breach, the VA has contacted all affected veterans to explain the potential breaches of privacy, offer VA-sponsored credit protection services and deliver the original benefits summary letter that was misdirected.

For more:
- listen to the press call
- see the VA's report for this month (.pdf)

Related Articles:
VA CTO: Disability claims process will be paperless within days
VA looks to IT improve its reputation, from the inside out
VA reports stolen laptops, BlackBerries and hints at health data policy changes
Audio: VA CIO Roger Baker's August IT report
VA hopes automation will ease claims-processing woes
Audio: VA CIO Roger Baker and Education Service Chief Keith Wilson on new automation system