18 October 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,036,991Views 62Comments

70 Million Veterans at Possible Risk For Identity Theft

05 October 2009  |  2344 views  |  0

Wired reports the inspector general of the National Archives and Records Administration (NARA) is investigating a potential data breach affecting 70 million records of U.S. military veterans. The issue involves a defective hard drive the agency sent back to its vendor for repair without first destroying the data. Once the drive was diagnosed and found to be faulty, it was sent out for recycling. With millions of records still on it.

A NARA IT manager says 70 million veterans are at risk for identity theft, and that NARA’s practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America’s record-keeping agency.

A $2000.00 hard drive with millions of social security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The “loss” of data like this can cost a government agency or corporation millions to respond to the breach. The hard drive should have never left the facility and should have been destroyed. The Pentagon requires that old or defective drives be de-magnified or destroyed.

We have seen breaches like this before. A Veteran’s Administration laptop was stolen from the home of an employee of the Department of Veterans Affairs containing personal records of 26.5 million veterans in 2005 and eventually settled a class action suit over the breach by paying out $20 million. NARA also lost a hard drive including 100,000 Social Security numbers.

The risks associated with this kind of a breach generally revolve around new account fraud. New account fraud occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account such as a credit card and have the card sent to a different address. This is true identity theft. New account fraud destroys the victim’s credit and is a mess to clean up.

Government intervention to protect you from new account fraud is probably not going to happen any time soon, if ever. The responsibility is the citizens to protect themselves.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  6030 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6668 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5279 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5701 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5178 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan
Adedeji Olowe