[ISN] DOD data center worked overtime on stolen personnel files

InfoSec News isn at c4i.org
Thu Jun 8 05:04:56 EDT 2006


By Bob Brewin
June 7, 2006 

The Defense Manpower Data Center (DMDC) worked during the past weekend
to determine that a stolen Department of Veterans Affairs database,
which contained sensitive personnel information on 26.5 million
veterans, also contains information on as many as 1.1 million
active-duty personnel, a DOD spokesman said.

Army Lt. Col. Jeremy Martin, a Pentagon spokesman, said the VA
informed DOD June 1 that the stolen database may have included
information on active personnel.

DOD then asked the VA to transmit an original of the file stolen from
the home of a VA data analyst May 3 to DMDC. That file, Martin
emphasized, was encrypted and then transmitted over a secure link from
the VA to DMDC.

DMDC employees then worked over the weekend to compare records in the
VA file with records of active-duty and reserve personnel and
determined that records for as many as 1.1 million out of 1.4 million
active duty-personnel may have been included in the stolen VA
database, Martin said.

He added that records on 430,000 members of the National Guard and
645,000 members of the Reserves -- or roughly 90 percent of Reserve
and Guard personnel -- may have been on the stolen database.

Martin said DMDC employees worked over the weekend because "responding
to the compromise of service personnel's information was an urgent
priority and required immediate attention."

Once DMDC completed its work, DOD informed the VA June 5, and VA
Secretary Jim Nicholson announced the latest fallout from the data
theft June 6, which has consumed the agency since it surfaced in late

The VA "committed to providing updates on this incident as new
information is learned," Nicholson said. The department is working
with DOD to notify all affected personnel.

Nicholson said the VA is in discussion with several entities to
provide credit-monitoring services for active-duty and military
personnel potentially at risk from the data theft.

David Rubinger, a spokesman for Equifax, a large credit-reporting
service, said the company has not received any such request from the
VA, but added that individual fraud alerts by veterans has spiked ever
since the VA announced the theft.

Martin said DMDC is still comparing its files with the VA database, a
process which it should complete by the end of the week, at which time
the center could determine a smaller number of records are at risk
from the VA data theft. Martin said the number of records at risk from
the theft could lower, but it will not increase.

More information about the ISN mailing list