Thursday, June 01, 2006

Vets Must be Vigilant to Prevent ID Theft

Vets Must be Vigilant to Prevent ID Theft
Military.com
By David Axe
May 31, 2006

In the wake of the May 3 theft of 26 million veterans' personal information from a Department of Veterans Affairs (VA) employee's home, some former servicemembers contend that the federal government has been careless with their personal information. To be sure, the VA theft is only the latest in a string of incidents:
· Several U.S. military computers containing personnel records were found for sale at a bazaar outside a U.S. base in Afghanistan, according to an April report in The L.A. Times.

· Thieves broke into a Ft. Carson, Colo. facility in September, making off with personal information belonging to deployed soldiers.

· In December 2002, records for more than 560,000 troops, dependents and retirees were stolen from computers at a health care provider in Arizona, prompting Pentagon officials to promise better information security, according to The New York Times.

In all cases, the stolen data were centralized in large databases and unencrypted, making the thieves' jobs as easy as carting off a computer or a hard drive.

Joe Katzman, editor of an influential blog at www.defenseindustrydaily.com, called it a "truism" that "more integrated databases make for larger and more lucrative honey pots."

The military has traditionally been an environment intolerant of lax information security, but many have paid the price for bad practices over the years.

"When I was in the Army from 1995 to 1999, our Leave and Earning Statements were handed out (or laid out on a desk) as just pieces of paper to us every month -- no concern about security, not even folding it over," said Jeff Car, 28, a former Army radioman. "The LES at that time contained your full name, social security number, bank account number, name of the bank, date of the deposit and the amount of the deposit. That was more than enough information in one place that was available to anyone who cared to look."
This habit -- confirmed by other former service members -- directly contradicts advice from the Army's Criminal Investigation Division, or CID: "Don't leave personal records or documents that contain Social Security numbers -- a whole range of cards and papers you might carry in your wallet or purse -- lying around for others to see," CID's CW5 Guy Surian said in a statement.

Both the VA and the Department of Defense have promised better security in the aftermath of the May theft. But even with improved security, the threat remains. Military service means extensive record-keeping and long deployments that make current and former servicemembers potentially vulnerable to dedicated ID thieves such as these:
· In 2001, Air Force Senior Airman David Daniel stole ID cards from a deployed airman in order to impersonate the victim and ring up massive charges in his name.· Edwin Gomez, a former janitor at an Army base in New York City, in 2005 swiped documents belonging to hundreds of deployed reservists and opened credit accounts.· Karl Valentine stole a deceased veteran's documents from the veteran's widow and used the victim's social security number to get treatment at a Kansas VA hospital.

"Some personal information ... was stolen from me recently and I immediately took steps to protect myself against fraud," said Ensign Charles Nasar of the Coast Guard Reserve. "As I worked through this process, I learned quite a lot ... most notably that military members can request a 12-month fraud alert [from consumer reporting companies] as opposed to the standard three months. Overall, vigilance is the key."

"I am very careful with my personal information on-line," said "Matt", an Army vet who blogs anonymously at www.blackfive.net. "The computer that I use to balance my accounts isn't internet capable. I teach classes and seminars on information security and encryption. I figured that I would be the last guy to have his identity stolen. But, somehow, a model citizen found enough information about me to try to open accounts at several banks and investment companies."

Matt recommends that victims of identity theft follow the Federal Trade Commission's (FTC) tips, as published at www.consumer.gov/idtheft:
1. Contact the fraud departments of any one of the three consumer reporting companies to place a fraud alert on your credit report. The fraud alert tells creditors to contact you before opening any new accounts or making any changes to your existing accounts. You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. Once you place the fraud alert in your file, you're entitled to order free copies of your credit reports, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports.

2. Close the accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit (available on-line) when disputing new unauthorized accounts.

3. File a report with your local police or the police in the community where the identity theft took place. Get a copy of the report or at the very least, the number of the report, to submit to your creditors and others that may require proof of the crime.

4. File your complaint with the FTC. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps us learn more about identity theft and the problems victims are having so that we can better assist you.

When approached regarding other steps the VA might be taking in the wake of the information theft, VA spokesman Matt Burns forwarded a statement VA Secretary James Nicholson made on the Hill last week: "I have directed the Office of Information & Technology to publish, as a VA Directive, the revisions to the Security Guidelines for Single-User Remote Access developed by the Office of Cyber and Information Security. I have asked that this be done by June 30, 2006. This document will set the standards for access, use, and information security, including physical security, incident reporting and responsibilities."

Want to express your opinion on this issue?
Let your public officials know how you feel!

Sound Off...What do you think? Join the discussion.


Copyright 2006 Military.com. All rights reserved.

No comments: