I'm sure this is all just an easily remedied mistake....
"I'm sure this is all just an easily remedied mistake...."
Which part? We might as well assume our personal data is out in the public domain. If its not the VA then its some other boneheaded outfit that doesnt want to spend the money or time to protect our data. More than likely each of us does business with a company that has outsourced something to India. That means your data is not secure on a global basis. There are things you can do to protect yourself but I personally think we should start a class action against the banks and credit reporting companies for making a system so easily abused.
Fixing the problems with the VA arent simple either. I have zero knowledge of the VA inner workings but in any organization these types of changes require significant investment and time to resolve.