Monday, May 22, 2006
FLASH FLASH FLASH: Security Breach at VA compromises personal info for millions of veterans
A disc containing the personal records - including names, social security numbers, and birth dates, of about 25.6 million veterans was stolen from the home of a Veterans Administration analyst earlier this month.
That's a significant security breach - and a major windfall to cybercriminals and ID Theft professionals, if the criminals realize what they have. The fact that the VA is not revealing the date of the burglary, nor the location, nor the encryption used, suggests to me that there is little reason to believe the crooks know what they stole.
The VA is planning to notify every affected veteran as a precaution, but will not reimburse them for the cost of credit checks.
That shouldn't be a big deal. Everyone in the country is entitled to a free credit report every year under the current law.
If a pattern begins to emerge that suggests that veterans on this disc are becoming victims of identity theft, then we'll know pretty quickly.
Meanwhile, I strongly recommend every military member enroll in the "Active Duty Alert program.
Here's the straight dope, lifted directly from the Federal Trade Commission
When a business sees the alert on your credit report, it must verify your identity before issuing you credit. The business may try to contact you directly, but if you're on deployment, that may be impossible. As a result, the law allows you to use a personal representative to place or remove an alert. Active duty alerts on your report are effective for one year, unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.
To place an "active duty" alert, or to have it removed, call the toll-free fraud number of one of the three nationwide consumer reporting companies: Equifax, Experian, or Trans Union. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information.
Equifax: 1-800-525-6285; www.equifax.com
Experian: 1-888-EXPERIAN (397-3742); www.experian.com
TransUnion: 1-800-680-7289; www.transunion.com
Contact only one of the three companies to place an alert - the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.
When you place an active duty alert, your name will be removed from the nationwide consumer reporting companies' marketing lists for prescreened offers of credit and insurance for two years - unless you ask that your name be placed on the lists before then. Prescreened offers - sometimes called "preapproved" offers - are based on information in your credit report that indicates you meet certain criteria set by the offeror.
Yes, the FTC says you're supposed to be on active duty to place one of these alerts. Somehow I don't think anyone is going to prosecute you for fraud in this instance.
Update: David Rubinger of Equifax advises: "People can do better than that. Anybody, veteran or not, can put a fraud alert on their credit report, which accomlishes the same thing."
Rubinger also suggests enrolling in a credit monitoring system - a paid service, which generates an email every time someone makes a credit inquiry or otherwise touches your credit report. Basic service at Equifax starts at $49.95 per year, for a weekly email. A more expensive package - 99.95 per year - gets you a daily email. And the high-speed, low-drag 3 in 1 monitoring plan monitors all three major credit bureaus, and comes with $20,000 in no-deductible identity fraud protection - all for 129.95 per year, or 14.00 per month.
"This is the biggest [security breech event] that we know of, says Rubinger. In some cases, such as with Time Warner, the companies themselves have underwritten providing credit monitoring service for the affected employees. The VA says they will not provide assistance beyond notification.
That's a lot of liability to assume.
Splash, out
Jason
Comments:
Post a Comment
That's a significant security breach - and a major windfall to cybercriminals and ID Theft professionals, if the criminals realize what they have. The fact that the VA is not revealing the date of the burglary, nor the location, nor the encryption used, suggests to me that there is little reason to believe the crooks know what they stole.
The VA is planning to notify every affected veteran as a precaution, but will not reimburse them for the cost of credit checks.
That shouldn't be a big deal. Everyone in the country is entitled to a free credit report every year under the current law.
If a pattern begins to emerge that suggests that veterans on this disc are becoming victims of identity theft, then we'll know pretty quickly.
Meanwhile, I strongly recommend every military member enroll in the "Active Duty Alert program.
Here's the straight dope, lifted directly from the Federal Trade Commission
When a business sees the alert on your credit report, it must verify your identity before issuing you credit. The business may try to contact you directly, but if you're on deployment, that may be impossible. As a result, the law allows you to use a personal representative to place or remove an alert. Active duty alerts on your report are effective for one year, unless you request that the alert be removed sooner. If your deployment lasts longer, you may place another alert on your report.
To place an "active duty" alert, or to have it removed, call the toll-free fraud number of one of the three nationwide consumer reporting companies: Equifax, Experian, or Trans Union. The company will require you to provide appropriate proof of your identity, which may include your Social Security number, your name, address, and other personal information.
Equifax: 1-800-525-6285; www.equifax.com
Experian: 1-888-EXPERIAN (397-3742); www.experian.com
TransUnion: 1-800-680-7289; www.transunion.com
Contact only one of the three companies to place an alert - the company you call is required to contact the other two, which will place an alert on their versions of your report, as well. If your contact information changes before your alert expires, remember to update it.
When you place an active duty alert, your name will be removed from the nationwide consumer reporting companies' marketing lists for prescreened offers of credit and insurance for two years - unless you ask that your name be placed on the lists before then. Prescreened offers - sometimes called "preapproved" offers - are based on information in your credit report that indicates you meet certain criteria set by the offeror.
Yes, the FTC says you're supposed to be on active duty to place one of these alerts. Somehow I don't think anyone is going to prosecute you for fraud in this instance.
Update: David Rubinger of Equifax advises: "People can do better than that. Anybody, veteran or not, can put a fraud alert on their credit report, which accomlishes the same thing."
Rubinger also suggests enrolling in a credit monitoring system - a paid service, which generates an email every time someone makes a credit inquiry or otherwise touches your credit report. Basic service at Equifax starts at $49.95 per year, for a weekly email. A more expensive package - 99.95 per year - gets you a daily email. And the high-speed, low-drag 3 in 1 monitoring plan monitors all three major credit bureaus, and comes with $20,000 in no-deductible identity fraud protection - all for 129.95 per year, or 14.00 per month.
"This is the biggest [security breech event] that we know of, says Rubinger. In some cases, such as with Time Warner, the companies themselves have underwritten providing credit monitoring service for the affected employees. The VA says they will not provide assistance beyond notification.
That's a lot of liability to assume.
Splash, out
Jason