28,000 U.S. Navy Sailors Social Security Numbers Posted on Civilian Website
Sailors' Social Security Nos. on Web Site
WASHINGTON (AP) - The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian Web site.
The Navy said Friday the information was in five documents and included people's names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the Web site or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.
Cole said there was no indication so far that the information was used illegally, but individuals involved were being contacted and encouraged to monitor their bank accounts and credit cards.
Meanwhile, the General Accountability Office said it removed archival records from its Website this week containing some personal identifying information of fewer than 1,000 government workers. The data included some individual names and Social Security numbers.
The breach regarding the Navy comes amid a rash of government computer data thefts, including one at the Agriculture Department earlier this week in which a hacker may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.
As many as 26.5 million veterans and current military troops may have been affected by the theft of a laptop computer containing their Social Security numbers and birth dates. The computer was taken from the home of a Veterans Affairs Department employee in early May, and officials waited nearly three weeks before notifying veterans on May 22 of the theft.
As many as a half dozen federal agencies have been affected by computer data losses in recent months.
In a letter Friday to Defense Secretary Donald H. Rumsfeld, one member of Congress asked for details on the Navy incident, and questioned whether the Defense Department will make sure a free credit help is provided for those affected.
U.S. Rep. Edward Markey, D-Mass., said he had asked Rumsfeld two years ago about the implications of federal agencies outsourcing data collection and processing activities. While there is no indication that outsourcing was the problem in the Navy case, Markey said he wants to know what effect that would have on the security of information on military personnel.
The Naval Criminal Investigative Service is investigating the breach. The initial discovery was made by the Navy Cyber Defense Operations Command, which routinely monitors the Internet for such problems.
The Navy said individuals can place a 90-day fraud alert on their credit reports, and provided information on companies to contact. Cole said there has been no decision made yet on whether the Navy will pay for credit monitoring.
Information on how to watch for suspicious activity can be found at the Navy Personnel Command's Web site, .http://www.npc.navy.mil
Experian, one of the credit report providers, has on their website VA Assistance:
If you received a notice about the Department of Veteran's Affairs announcement that your personal identifying information may have been compromised, Experian offers special services that may help protect your personal identification information from being used fraudulently.
VA is working with law enforcement agencies to investigate a burglary in which computer disks were stolen that contained the personal identifying information of some veterans. While the VA stresses that they have no reason to anticipate misuse of this information, they have advised impacted veterans to take precautions, such as monitoring your accounts for suspicious activity.
You also may want to add a temporary fraud alert to your credit file to alert anyone who reviews your file that you have reason to suspect fraud. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you. It also may delay your ability to obtain credit. We will share your request with the other national credit reporting agencies, Equifax and Trans Union, so you will not need to contact each agency separately.
Add an alert and view a free copy of your personal credit report.
For added peace of mind, Experian can monitor your three national credit reports for any key/important changes. This way, you will know within 24 hours if there are any important changes to your credit reports. It's quick and easy to sign up! Simply go to the website Triplealert.com to enroll and start enjoying the added peace of mind of credit monitoring.
This started with the following:
In May 2006, the Department of Veterans Affairs (VA) learned that an employee, a data analyst, took home electronic data from VA that was stored in his home on a laptop computer and external hard drive. He was not authorized to take this data home. This behavior was in violation of VA policies.
The employee's home was burglarized and the computer equipment, along with various other items, was stolen. The electronic data stored on this computer included identifying information for millions of veterans. Authorities believe the computer equipment, rather than any data on it, was the target of the theft. It is possible the perpetrators remain unaware of the information that they possess or of how to make use of it. However, out of an abundance of caution, VA is taking all possible steps to protect and inform all veterans, servicemembers, and reservists potentially affected.
What action has been taken against this employee or his supervisor?
The employee is cooperating fully with the investigation. The employee was initially placed on administrative leave, and VA is implementing procedures necessary to dismiss the employee. Also, the official responsible for the organization in which this employee served has resigned his position because of the events.
What information was included?
The data lost is primarily limited to an individual's name, date of birth, and social security number. In some cases, spousal information may have been included. However, this information alone may be useful to identity thieves, and we recommend that all veterans, servicemembers, and reservists be extra vigilant in monitoring for signs of potential identity theft or misuse of this information. Importantly, the affected data did not include any of VA's electronic health records or any financial information.
How do I know if information about me was stolen?
At this point, we do not have information available to confirm the specific individuals whose personal information may have been included in this data loss. VA just recently identified through a data match with the Department of Defense (DoD) that information on approximately 2.2 million servicemembers and reservists was also included on the lost data file. The investigation is ongoing.
Letters are being released to the affected individuals beginning on June 3. Because of the number of affected individuals, the letters will be released over a period of about two weeks. Those who have been affected should expect to receive a letter by June 15. This timeframe may vary by a few days based on postal service schedules for mail delivery.
Were active-duty and National Guard/Reserve members included?
Working with the DoD, VA has determined that the data stolen on 26.5 million individuals included information on active-duty military personnel. Initially, it was thought that approximately 50,000 active duty, National Guard, and Reserve personnel might have been involved.
However, as the two agencies compared electronic files, VA and DoD learned that personal information on as many as 1.1 million military members on active duty, 430,000 members of the National Guard, and 645,000 members of the Reserves may have been included in the data theft.
VA receives records for every new accession and military enlistee because active-duty personnel and National Guard and Reservists are eligible to receive certain VA benefits, such as GI Bill educational assistance and the home loan guaranty benefit.
What should I do to protect myself? Do I have to close my bank account or cancel my credit cards?
At this point there is no evidence that any missing data has been used illegally. However, VA is asking all veterans to be extra vigilant and to carefully monitor bank statements, credit card statements, and any statements relating to recent financial transactions, and to immediately report any suspicious or unusual activity.
For tips on how to guard against misuse of personal information, visit the Federal Trade Commission website at http://www.ftc.gov/.
You do not have to close your bank account or cancel your credit cards. You should, however, take steps to protect yourself against identity theft.
One way to monitor your financial accounts is to review your credit report. By law you are entitled to one free credit report each year. Request a free credit report from one of the three major credit bureaus – Equifax, Experian, TransUnion – at www.AnnualCreditReport.com or by calling 1-877-322-8228.
What do you mean by suspicious activity?
Suspicious activities could include the following:
* Inquiries from companies you haven't contacted or done business with
* Purchases or charges on your accounts you didn't make
* New accounts you didn't open or changes to existing accounts you didn't make
* Bills that don't arrive as expected
* Unexpected credit cards or account statements
* Denials of credit for no apparent reason
* Calls or letters about purchases you didn't make
What should I do if I detect a problem with any of my accounts?
The Federal Trade Commission recommends the following four steps if you detect suspicious activity:
Step 1 – Contact the fraud department of one of the three major credit bureaus:
* Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
* Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, Texas 75013
* TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Step 2 – Close any accounts that have been tampered with or opened fraudulently.
Step 3 – File a police report with your local police or the police in the community where the identity theft took place.
Step 4 – File a complaint with the Federal Trade Commission by using the FTC's Identity Theft Hotline:
* By telephone: 1-877-438-4338
* Online at www.consumer.gov/idtheft
* By mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.