A few days later, the VA decided that the 50,000 number was just a tad low. The new estimate: 2.2 million active-duty U.S. military people, including National Guard members and reservists.

Also last week, veterans groups filed a lawsuit asking for nearly US$30 billion for those whose personal data was exposed.

That's a big pile of money, even by Washington standards -- though it still comes to only $1,000 per person affected.

Meanwhile, more details of IT problems at the VA keep dribbling out. How did the active-duty personnel's names, dates of birth and Social Security numbers get mixed in with those of veterans? The first answer from the VA was that a fouled-up paperwork process classified some military personnel as veterans even though they had re-enlisted.

But last week, the agency said it routinely receives records for all active-duty personnel because they're eligible for benefits.