Veterans (and others), phone number for stolen identities.

[Kevin Palmer]

The below was sent out by my agency, just thought it may be of help to others here at the site.



Due to the recent misplacement of personal data by the Department of Veterans Affairs, a number has been established by Tran-Union to put a fraud alert on your credit file.



Ph# (800) 680-7289



This number is automated, and the process only takes a few moments of your time. Well worth the effort to have a peace of mind.

 

[Larry Gamble]

I got my "VA Oops" letter yesterday. Of course, THEY claim there is no actual evidence of anyone's data being used maliciously and therefore THEY don't need to be contacting anyone on our behalf. But, they refer you to a FTC web site with info on protecting yourself and tell you it's up to you if you want to contact anyone.



Edited to add a better FTC web link.

 

[A1cntrler]

I got my VA oops letter two days ago, but I am still Active duty....

 

[troy malone]

i got a letter also,, they say they lost active duty and reserve data along with that of vets...

i put a temporary fraud alert on my credit report at Experian.com.. that way they have to call and talk to you before any new accounts are open..

 

[Nelson Atwell]

Air Force members may check their status at the link below. I am affected.



The VFW has published the following letter on their site - www.vfw.org:

VFW Commander Urges You to Help Notify Others About VA Data Loss



June 7, 2006



To All Veterans, Servicemembers and Spouses:



I ask that you help notify others about the loss of personal information by the Department of Veterans Affairs, especially in light of VA’s announcement yesterday that the stolen data files also contained information on our nation’s 2.2 million military servicemen and women.



What we know to date is that personal information on 26.5 million veterans and active-duty, Guard and Reservists was stolen May 3 from the home of a VA employee who was not authorized to take such information home. The data consisted of names, Social Security numbers, dates of birth, and some home addresses, telephone numbers, disability ratings and spousal information.



Veterans and servicemembers should contact one of the three largest national consumer credit bureaus below and place a free three-month fraud alert on their files and, if married, their spouse’s files. The other two companies will be automatically informed of the fraud alert.



Equifax: 1-800-525-6285, www.equifax.com

Experian: 1-888-397-3742, www.experian.com

TransUnion: 1-800-680-7289, www.transunion.com



We understand the VA is working with the national credit bureaus to develop a program that will extend credit protection at no cost. As I stated in a letter to all veterans last Friday, the VFW firmly believes it is the obligation of the U.S. Government to pay for any additional credit protection, to include assisting veterans — and now, servicemembers — should they become credit fraud victims.



I urge you to protect yourself and your families now, and I ask that you share this letter with others, to include older veterans who may not fully understand the ramifications of identity theft and fraud, and the families of our troops, especially those with loved ones deployed in harm’s way.



As always, we will continue to keep you informed as more details become known. Please check our website at www.vfw.org for updates. You may also call toll-free 1-800-FED-INFO (333-4636) or logon to www.firstgov.gov for additional information.



Yours in Comradeship,

James R. Mueller

Commander-in-Chief

Veterans of Foreign Wars of the United States

 

[TJ Laubach]

I received my letter last week. It really gives me a warm, fuzzy feeling how my service to our country is being rewarded Doesn't matter how many fraud alerts you put on your credit reports. A certain percentage of us vets are going to get screwed by these identity thieves. The criminals that do this kind of thing are just too good and they only need the smallest opportunity to "get er done". I strongly believe the federal government should bear all financial responsibility for any veteran that suffers financially in any way because of this. My question is...let's take this at face value and believe this idiot was really taking home extra work. So he is going to do a few hours of work right? Why would he need information containing millions of names to do a few hours work? At most, you might be able to work with a couple of thousand veterans information in a few hours. Are we to believe he was really going to be working with information on millions of veterans in a couple of hours? What's wrong with this picture? Does any of this seem odd to anyone else?

 

[Travis Tilley]

Got my letter yesterday. WOOO HOOOOOOOO. Identity Theft Lottery

 

[Thomas Rogers]

Identity theft will continue until companies (and our government) get sincere about protecting digital assets. When I say "get sincere", I mean they have to protect these assets by hiring and retaining experienced security experts, and in order to attract and retain them they will have to pay them well (6 figures or more in most cases).



Companies hire "newbies" fresh out of college, pay them $40K and $50K a year (approx), and rotate them into security related positions in their company at an alarming rate. Few companies have dedicated security specialists, and even fewer hire top-notch, experienced people for that job.



You get what you pay for. Do you really think someone just cutting their teeth in IT, and who isn't really even sure what IT is, or how long they will be in the industry is going to have any real "skin in the game" when it comes to protecting digital assets?



This will continue happen. You have to use the bank philosophy....the guy with the key to the vault, and all the responsibility that the vault is secure and the money is accounted for is the guy in the bank that gets paid the most...not the least.



TJR

 

[Dale Carlson]

TJR,



Couldn't agree with you more. However, I think most IT guys, experienced or not in systems security, don't generally make these kind of mistakes. This is a cultural and procedural issue that the rest of the departments in those bureaus, agencies, businesses, campuses, and services, need to come to grips with. Just a very small percentage of potential identity theft losses have been through hacked IT systems. Most of these losses have been through the carelessness and complacency of the people who work with this data everyday - and they forget that there are real human beings at the virtual end of those social security numbers, phone numbers, addresses, and medical records.



The VA (and, OBTW, the Department of Homeland Security) have gotten F's for their information security in recent years - and they still have done nothing. This is a leadership issue, not just an IT issue.

 

[FlipTrac_511]

Yeah, I got my letter in today. WTF? Not like my credit could get any worse, but still. There are other issues at hand, yes.

 

[Thomas Rogers]

Kefguy, I agree with you and what you are describing IS the problem I am talking about. What I mean is that all too often people think that IT system security is about keeping the hackers out. That's a big part of it, but only part of it. That part you can hire "just about anyone" to solve.



However, a "good" security expert, one that is worth their salary will recognize that system security is just one part of securing all the information. You still have to make sure the appropriate controls and restrictions are in place so that PEOPLE WITHIN don't compromise the information. Most companies are NOT doing that.



Hotels.com recently had an accountant's laptop stolen and 10s of thousands of customer credit card numbers, etc were compromised. Why the heck did an accountant have such information? Why wasn't it redacted, or better yet, encrypted if the accountant really needed it? A good security analyst will make sure such exposures are at an acceptable risk.



TJR

 

[Dale Carlson]

TJR,



Don't have any disagreements with your first two statements.



What you're talking about in the last though is still about leadership. You and I both know that the technology exists to secure our data. It's the users of that data who are the danger. Maybe that Hotels.com accountant had a need for that data, maybe not, but it was still HIS responsibility to safe-keep it. I can't tell you how many security vunerabilities that IT shops bring to the attention of their leadership, only to be shot down as being too expensive to fix, or not being the right time, or not being within the culture of the organization (if I hear "academic freedom" at the college I work at one more time....). Until an organization's leadership establish policy and procedure for the entire organization (not just the IT shop), and make it cost a person's job for violating same, then these things are going to keep coming up time and again.

 

[Thomas Rogers]

I agree that it is the accountant's responsibility to keep the data safe, but it is also the IT personnel's responsibility to provide the technical safeguards, including, for instance, encryption programs. If data is sensitive AND it is on a laptop, then it should be encrypted, because laptops can easily be lost and stolen. That's the security guy's fault, not the accountants. The security guy should recognize the vulnerability of the laptop and define and supply procedures and controls accordingly.



In the absence of good policies, procedures and controls, people get lazy. Heck, people get lazy and lax even in the presence of such controls. A good security analyst recognizes that the people within are the weakest link and designs the systems and the controls around that.



If a company's success hinges on people doing "the right thing" at "the right time" and at the same time the people within the company are given "freedom of choice", then don't be surprised if, from time to time, the company is not successful because someone did the wrong thing. Who is at fault when this happens is secondary.



I found this article very interesting, and somewhat related: