Unsecured server may have left personnel files vulnerable
July 21, 2007
Mideast edition, Saturday, July 21, 2007
WASHINGTON — Social Security numbers, addresses and medical files of more than 580,000 military households may have been left open to identity thieves by a Defense Department contractor processing Tricare records, officials announced Friday.
Science Applications International Corp. first learned of the problem on May 29 but just this week finalized details of what and whose information was potentially exposed. Company spokeswoman Connie Custer said so far investigators have not seen any evidence the information was stolen or abused.
But officials at SAIC have promised to notify all of the affected families and offer them free credit protection services.
“The security failure is completely unacceptable and occurred as a result of clear violations of SAIC’s strong internal IT security policies,” company CEO Ken Dahlberg said in a statement Friday. “We let down our customers and the servicemembers whom we support. For this, we are very sorry.”
The unsecured records had been held on a file transfer protocol server in Florida that lacked a security firewall and password protections. Officials said while they found no signs that anyone outside the company or military had accessed the server, they couldn’t completely rule out the possibility either.
More than 867,000 individuals were affected by the potential breach, Custer said. At least some of those affected were Air Force personnel in Europe, although she said there was no common thread in the location or service of the troops whose information was being processed.
SAIC has promised to offer each a free one-year subscription to an identity protection service, a cost of nearly $9 million for the company. Each household affected will receive only one letter regarding the security issues, but each affected individual will be eligible for the free credit monitoring.
Company officials said the unsecured server has been shut down and they have placed several employees on administrative leave while they review the situation.
In May 2006 similar personal data of more than 26 million veterans and active-duty servicemembers was jeopardized when a laptop containing health records was stolen from the home of a Department of Veterans Affairs employee. Those affected also were offered free credit monitoring services.