http://www.fcw.com/article94816-06-07-06-Web By Bob Brewin June 7, 2006 The Defense Manpower Data Center (DMDC) worked during the past weekend to determine that a stolen Department of Veterans Affairs database, which contained sensitive personnel information on 26.5 million veterans, also contains information on as many as 1.1 million active-duty personnel, a DOD spokesman said. Army Lt. Col. Jeremy Martin, a Pentagon spokesman, said the VA informed DOD June 1 that the stolen database may have included information on active personnel. DOD then asked the VA to transmit an original of the file stolen from the home of a VA data analyst May 3 to DMDC. That file, Martin emphasized, was encrypted and then transmitted over a secure link from the VA to DMDC. DMDC employees then worked over the weekend to compare records in the VA file with records of active-duty and reserve personnel and determined that records for as many as 1.1 million out of 1.4 million active duty-personnel may have been included in the stolen VA database, Martin said. He added that records on 430,000 members of the National Guard and 645,000 members of the Reserves -- or roughly 90 percent of Reserve and Guard personnel -- may have been on the stolen database. Martin said DMDC employees worked over the weekend because "responding to the compromise of service personnel's information was an urgent priority and required immediate attention." Once DMDC completed its work, DOD informed the VA June 5, and VA Secretary Jim Nicholson announced the latest fallout from the data theft June 6, which has consumed the agency since it surfaced in late May. The VA "committed to providing updates on this incident as new information is learned," Nicholson said. The department is working with DOD to notify all affected personnel. Nicholson said the VA is in discussion with several entities to provide credit-monitoring services for active-duty and military personnel potentially at risk from the data theft. David Rubinger, a spokesman for Equifax, a large credit-reporting service, said the company has not received any such request from the VA, but added that individual fraud alerts by veterans has spiked ever since the VA announced the theft. Martin said DMDC is still comparing its files with the VA database, a process which it should complete by the end of the week, at which time the center could determine a smaller number of records are at risk from the VA data theft. Martin said the number of records at risk from the theft could lower, but it will not increase. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 08 2006 - 02:42:12 PDT