[ISN] DOD data center worked overtime on stolen personnel files

From: InfoSec News (isn@private)
Date: Thu Jun 08 2006 - 02:04:56 PDT


http://www.fcw.com/article94816-06-07-06-Web

By Bob Brewin
June 7, 2006 

The Defense Manpower Data Center (DMDC) worked during the past weekend
to determine that a stolen Department of Veterans Affairs database,
which contained sensitive personnel information on 26.5 million
veterans, also contains information on as many as 1.1 million
active-duty personnel, a DOD spokesman said.

Army Lt. Col. Jeremy Martin, a Pentagon spokesman, said the VA
informed DOD June 1 that the stolen database may have included
information on active personnel.

DOD then asked the VA to transmit to DMDC an original of the file
stolen May 3 from the home of a VA data analyst. That file, Martin
emphasized, was encrypted and then transmitted over a secure link from
the VA to DMDC.

DMDC employees then worked over the weekend to compare records in the
VA file with records of active-duty and reserve personnel and
determined that records for as many as 1.1 million out of 1.4 million
active-duty personnel may have been included in the stolen VA
database, Martin said.

He added that records on 430,000 members of the National Guard and
645,000 members of the Reserves -- or roughly 90 percent of Reserve
and Guard personnel -- may have been on the stolen database.

Martin said DMDC employees worked over the weekend because "responding
to the compromise of service personnel's information was an urgent
priority and required immediate attention."

Once DMDC completed its work, DOD informed the VA June 5, and VA
Secretary Jim Nicholson announced June 6 the latest fallout from the
data theft, which has consumed the agency since it surfaced in late
May.

The VA "committed to providing updates on this incident as new
information is learned," Nicholson said. The department is working
with DOD to notify all affected personnel.

Nicholson said the VA is in discussion with several entities to
provide credit-monitoring services for active-duty and military
personnel potentially at risk from the data theft.

David Rubinger, a spokesman for Equifax, a large credit-reporting
service, said the company has not received any such request from the
VA, but added that individual fraud alerts by veterans have spiked ever
since the VA announced the theft.

Martin said DMDC is still comparing its files with the VA database, a
process which it should complete by the end of the week, at which time
the center could determine a smaller number of records are at risk
from the VA data theft. Martin said the number of records at risk from
the theft could decrease, but it will not increase.



