Thousands of Pittsburgh area veterans may be at risk of identity theft after a desktop computer containing their personal data was reported missing from the office of a Veterans Affairs Department subcontractor.

VA Secretary James Nicholson said the computer may have contained information for as many as 38,000 veterans treated at VA medical centers in Pittsburgh and Philadelphia during the past four years.

The data on the computer were patients' names, addresses, Social Security numbers, dates of birth, insurance carriers and billing information, dates of military service, and claims reports that may include medical information.

Mr. Nicholson, in a statement released yesterday from VA headquarters in Washington, D.C., said the computer was in the Reston, Va., offices of a subcontractor, Unisys Corp., which had been hired to assist the VA in insurance collections.

Unisys officials reported the situation to the VA Thursday and a team of investigators was "immediately dispatched," Mr. Nicholson said, "to assist in the search for the missing computer and to help determine the precise nature of the information it may have contained."

Those involved in the investigation include the VA's inspector general, the FBI and local law enforcement officers, he said, as well as the Department of Homeland Security's Computer Emergency Response Team. Members of Congress also were contacted.

The VA said that although the investigation was in an early stage, it appeared that the records involved were those of 5,000 patients treated at the VA Medical Center in Philadelphia and about 11,000 patients treated at the Pittsburgh VA Medical Center on Highland Drive. There also was a possibility that the desktop contained information on about 2,000 deceased patients and another 20,000 people who received care at the Pittsburgh medical center.

Local VA officials referred all questions to VA headquarters.

The disclosure comes after a string of recent data breaches at the VA, including the May 3 theft of 26.5 million veterans' personal data from a VA employee's home in suburban Maryland. The laptop and external drive containing that information have since been recovered, and two teens were arrested Saturday as part of what appeared to be a routine burglary.

VA officials came under criticism, not only for the breach, but for delays in reporting the loss to top administrators and to Congress. It was almost three weeks before the public learned that personal data had fallen into the hands of thieves.

Mr. Nicholson and others in the VA vowed to address security concerns, yet in recent weeks the VA also has acknowledged losing sensitive data for more than 16,000 veterans in at least two other cases in Minneapolis and Indianapolis.

Some lawmakers yesterday responded harshly to news of the latest breach.

"I am absolutely appalled that another computer containing the personal information of veterans has gone missing," said U.S. Sen. Rick Santorum, R-Pa. "Those responsible must be held accountable and the VA clearly needs to do a better job of overseeing its contracting entities."

U.S. Rep. Lane Evans of Illinois, the top Democrat on the House Veterans' Affairs Committee, called it "yet another wake-up call."

"Today's announcement by the VA that sensitive personal information of veterans was compromised by a VA subcontractor last week confirms that the VA must move quickly to protect the information it maintains on veterans and their families," he said.

Mr. Nicholson said, "The VA is making progress to reform its information technology and cyber security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead as we establish VA as a leader in data and information security."

Ted Davies, a managing partner at Unisys, said a company employee who regularly used the desktop computer reported it missing July 31. Company officials then scoured the building three times and sought to determine what data were lost before reporting it to the VA.

The computer was located in a building with security guards and on a floor where security cards are required for access, and there were no signs of a break-in, he said. The office PC was in a cubicle and was password protected, but the data was not encrypted.

"This is a high priority for our company to determine what happened," Mr. Davies said.

Mr. Nicholson said Unisys officials were cooperating fully with the investigation and working to notify veterans who might be affected. There also will be help for veterans wishing to monitor their credit, he said.

VA spokesman Matthew Burns said veterans should be vigilant "and carefully monitor bank statements, credit card statements, and any statements relating to recent financial transactions, and to immediately report any suspicious or unusual activity."