Two US teenagers were arrested last weekend for stealing a Veterans' Administration laptop, an incident that proved a major security flap and brought calls for improved information security legislation.

A thief stole the laptop from the Virginia home of a worker at the Department of Veterans Affairs (VA) during the course of a burglary in early May. At the time, VA officials were quick to blame the data analyst involved for violating agency policy in taking the laptop home. However, it has since emerged that the worker, who was placed on administrative leave during the course of an inquiry, had written permission to take the sensitive data away from VA offices in order to work from home.

Information held on the laptop included the names, dates of birth and Social Security numbers of approximately 26.5m former and acting US servicemen and women dating back to 1975. VA officials went public to warn veterans of the incident. FBI and local law enforcement officials were involved in investigating the security breach.

The laptop and its hard drive ended up for sale on a "black market" near a subway station near Wheaton outside of Washington DC and returned to the authorities by an unidentified woman at the end of June. A preliminary investigation by FBI officials suggests that data has not been accessed since the laptop was stolen, easing fears that the exposed data might have fallen into the hands of identity thieves.

A phone tip-off led to the arrest on Saturday of two suspects, both from Rockville, Maryland: Christian Brian Montano, 19, and Jesus Alex Pineda, 19. Each faces burglary and theft charges, the AP reports. An unnamed male suspect also faces possible charges over the alleged theft, which police describe as a random burglary not motivated by thoughts of profiting from identity theft. ®