Active-duty soldiers' data also stolen in Veterans Affairs theft

By SearchSecurity.com Staff 07 Jun 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

New information revealed Tuesday suggests that the personal information of active-duty armed forces personnel has been compromised as part of the ongoing Veterans Affairs data theft scandal.

U.S. Department of Veterans Affairs officials said yesterday that the names, Social Security numbers and dates of birth of about 2.2 million active-duty, National Guard and Reserve troops were likely stored on the same computer that was stolen from a VA employee's home last month. That device contained information on 26.5 million U.S. veterans.

The VA admitted earlier that the names of about 50,000 active-duty troops may have been involved, but came forth with the larger number after comparing its electronic records with those of the Pentagon.

More specifically, officials said the personal information involved as many as 1.1 million active-duty soldiers, 430,000 National Guard members and 645,000 Reserves troops.

This is the latest revelation in a widely publicized incident that refuses to go away. The VA confirmed May 22 that records for every veteran discharged from the military since 1975 were stolen from the home of an agency employee. The records contained the names, Social Security numbers and dates of birth of the veterans and some spouses.

Security experts have said the incident shows that public and private organizations must do more to protect the information they keep and that Congress must offer stronger guidance.

"This should be a major wake-up call that one small event can have a potentially dramatic impact on millions of lives," Paul Kurtz, executive director of the Arlington, Va.-based Cyber Security Industry Alliance, said last week. "I would think this should raise more awareness in the public consciousnesses."

However, some industry observers have suggested that the sheer bulk of stolen information may prove to be what protects many veterans' from identity fraud. Pete Lindstrom, research director of Spire Security LLC in Malvern, Penn., suggested in his Spire Security Viewpoint blog last week that there's a "finite limitation" to the number of Social Security numbers that may actually be used for fraud.

Given all the work required to convert Social Security numbers into financial gains, Lindstrom said it's best for each individual involved to be one of many.

Also in recent days, thieves have made off with notebook computers containing data belonging to former employees of supermarket chains Stop & Shop, Giants and Tops; Hotels.com customers; and Massachusetts and Rhode Island YMCA members, potentially putting more than 300,000 people at risk for identity theft.

Tags: Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary