Wired reports the inspector general of the National Archives and Records Administration (NARA) is investigating a potential data breach affecting 70 million records of U.S. military veterans. The issue involves a defective hard drive the agency sent back to its vendor for repair without first destroying the data. Once the drive was diagnosed and found to be faulty, it was sent out for recycling. With millions of records still on it.
A NARA IT manager says 70 million veterans are at risk for identity theft, and that NARA’s practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America’s record-keeping agency.
A $2000.00 hard drive with millions of Social Security numbers is worth millions, maybe billions of dollars if it gets into the hands of a criminal. The “loss” of data like this can cost a government agency or corporation millions to respond to the breach.
The hard drive should never have left the facility and should have been destroyed. The Pentagon requires that old or defective drives be demagnetized or destroyed.
We have seen breaches like this before. A Veterans Administration laptop containing personal records of 26.5 million veterans was stolen from the home of an employee of the Department of Veterans Affairs in 2005, and the VA eventually settled a class action suit over the breach by paying out $20 million. NARA also lost a hard drive including 100,000 Social Security numbers.
The risks associated with this kind of a breach generally revolve around new account fraud. New account fraud occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account such as a credit card and have the card sent to a different address. This is true identity theft. New account fraud destroys the victim’s credit and is a mess to clean up.
Government intervention to protect you from new account fraud is probably not going to happen any time soon, if ever. The responsibility falls on citizens to protect themselves.
1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity by getting yourself a credit freeze or setting up your own fraud alerts. There are pros and cons to each.
2. Invest in Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.