WASHINGTON — A federal judge questioned the Veterans Affairs Department’s computer security and ruled Friday that lawsuits can go forward over the theft of computer equipment containing data on 26.5 million veterans.

U.S. District Judge James Robertson dismissed several aspects of the case but said the three lawsuits sufficiently made the claim that the agency failed to safeguard personal information, as required by the Privacy Act.

“The government’s own evidence raises serious questions about the VA’s computer safeguards,” Robertson wrote, citing government reports that faulted the agency’s computer security years before the theft.

A laptop and hard drive were stolen last year during a burglary at the home of a Veterans Affairs employee. The equipment contained the names, Social Security numbers and birth dates of veterans discharged since 1975. It was the worst-ever breach of government data.

The equipment was later recovered and the FBI said the sensitive files were neither compromised nor accessed.

In the lawsuits, veterans said they suffered embarrassment, mental distress, emotional trauma and the threat of future identity theft. Some said they also had to pay for credit-monitoring services.

The Justice Department, which represents federal agencies in lawsuits, had asked the case be dismissed. Robertson agreed on some counts: He threw out claims of constitutional violations, said the theft did not qualify as an “unauthorized disclosure” under the Privacy Act and said only individual veterans — not organizations — can sue.

The lawsuits have been filed as potential class-action cases representing every veteran whose data was released.