The equipment was stolen May 3 during a burglary at the Maryland home of a Veterans Affairs employee. The laptop and hard drive were turned into the FBI June 28 by an unidentified person in response to a $50,000 reward offer.
The equipment contained the names, Social Security numbers and birth dates of veterans discharged since 1975, in what was the worst-ever breach of government data.
Jesus Alex Pineda, 19, and Christian Brian Montano, 19, both of Rockville, Maryland, were arrested early Saturday, Montgomery County police said.
Pineda was charged with first-degree burglary and theft over $500. Montano was charged with first-degree burglary, conspiracy to commit first-degree burglary, theft over $500, and conspiracy to commit theft over $500.
Police said charges were pending against a third male suspect who is a juvenile.
"I commend the FBI, Montgomery County Police, VA's Office of Inspector General and other law enforcement agencies for their professionalism and diligence throughout this investigation," Secretary of Veterans Affairs R. James Nicholson said in a statement. "Today's announcement that arrests have been made is good news."
Authorities said the suspects did not specifically target the VA employee's home in Aspen Hill, Maryland, and did not realize the hard drive contained veterans' information until the case was publicized.
Police did not have any information about attorneys for the suspects. A bond hearing could be held Monday at the earliest, officials said.
The VA announced last month that the FBI has determined with a high degree of confidence that the files were not compromised.
"While this arrest is good news, we were lucky that the data belonging to veterans was not accessed and misused," Rep. Steve Buyer, R-Ind., chairman of the House Veterans Affairs Committee, said in a statement.
"The vulnerability is real and with the help of Congress, VA must move forward with information security reform," said Buyer.
Congress is investigating the steps leading up to and after the theft. It also is pondering legislation to improve information security.