PDA

View Full Version : Possible Compromise of Personnaly Identifying Information (PII)



Mcjohn1118
03-19-2013, 09:32 PM
I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.

Robert F. Dorr
03-19-2013, 10:14 PM
I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.

Interesting. Someone made an $18,000 purchase with my Visa credit card a few days ago. The sale initially went through and as I later learned the merchant was preparing to ship, The Visa company spotted fraud immediately and telephoned me. Meanwhile, the merchant, who hadn't heard from my Visa company, had a funny feeling and found me on the phone 24 hours after my credit card company did. The merchant was able to locate me precisely because my information is out there in public, all over the place.

By then, I had a new credit card and my existing account had been canceled. Based on their conversation with me, the merchant halted the shipment. What's interesting here is that the perpetrator of this fraud had my credit card number including the little secret number on the back, but not the card itself, which was in my wallet. So someone scanned my card at some point and used the information.

This occurrence caused me no harm apart from a few minutes of inconvenience on the telephone.

Most times, the situation you describe doesn't result in indentity theft. Still, I'd like to see the e-mail. I wonder what's going on.

technomage1
03-19-2013, 10:31 PM
I pay $7 a month for credit and identity monitoring. Worth every penny in today's world. I've had my credit card number stolen 3 times.

efmbman
03-19-2013, 10:31 PM
I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.

In addition to the bolded part, isn't it standard practice to give the monitoring service for free for a year in these cases? Many corporations do so in the event of disclosure. Any chance the government will do the same?

efmbman
03-19-2013, 10:31 PM
I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.

In addition to the bolded part, isn't it standard practice to give the monitoring service for free for a year in these cases? Many corporations do so in the event of disclosure. Any chance the government will do the same?

SomeRandomGuy
03-19-2013, 11:30 PM
I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.

It is really scary the amount of PII that a typical office worker has access to. I remember one time when I creeped some of my co-workers out by making a joke about how much this information would be worth on the black market. I am not sure what other AFSCs have but at Finance I could find just about anything I wanted. Here is a list of things I could know about anyone I wanted (back when I worked military pay):

1. Full Name
2. SSN
3. Current and any previous address
4. Banking Information (as well as previous)
5. Amount and institution for any allotment paid out their pay
6. Marital Status
7. Childrens and Family SSN (if listed on orders from last PCS)
8. Several other less relevant but useful items.

So now imagine if a person were to compile a spreadsheet of information on say a few thousand military members. How much would that information be worth on the black market? I would venture to say thousands if not maybe hundreds of thousands. I am quite honestly amazed no one has done it yet. It always scared me to death that the military makes you provide your social to lots of organizations who have no business needing it. I know a fix is in the works for this but it is taking way too long and way overdue.

P.S. The fix I heard proposed is for everyone to use their DoD ID number (the number assigned to your Common Access Card) and only organizations that really need your SSN will have access.

efmbman
03-19-2013, 11:38 PM
It is really scary the amount of PII that a typical office worker has access to. I remember one time when I creeped some of my co-workers out by making a joke about how much this information would be worth on the black market. I am not sure what other AFSCs have but at Finance I could find just about anything I wanted. Here is a list of things I could know about anyone I wanted (back when I worked military pay):

1. Full Name
2. SSN
3. Current and any previous address
4. Banking Information (as well as previous)
5. Amount and institution for any allotment paid out their pay
6. Marital Status
7. Childrens and Family SSN (if listed on orders from last PCS)
8. Several other less relevant but useful items.

So now imagine if a person were to compile a spreadsheet of information on say a few thousand military members. How much would that information be worth on the black market? I would venture to say thousands if not maybe hundreds of thousands. I am quite honestly amazed no one has done it yet. It always scared me to death that the military makes you provide your social to lots of organizations who have no business needing it. I know a fix is in the works for this but it is taking way too long and way overdue.

P.S. The fix I heard proposed is for everyone to use their DoD ID number (the number assigned to your Common Access Card) and only organizations that really need your SSN will have access.

For my last 7 years, I was a healthcare recruiter for the Army. Everyone I put in boots was an officer and therefore had all the bells and whistles of a secret clearance. In addition, I had every tidbit of info regarding their education and professional practice to include DEA licenses (narcotic prescriptions) and such. Believe it or not, at least 2 healthcare recruiter laptops holding this information for perhaps hundreds of potential officers were lost or stolen every year. Crazy.

Mcjohn1118
03-19-2013, 11:39 PM
Interesting. Someone made an $18,000 purchase with my Visa credit card a few days ago. The sale initially went through and as I later learned the merchant was preparing to ship, The Visa company spotted fraud immediately and telephoned me. Meanwhile, the merchant, who hadn't heard from my Visa company, had a funny feeling and found me on the phone 24 hours after my credit card company did. The merchant was able to locate me precisely because my information is out there in public, all over the place.

By then, I had a new credit card and my existing account had been canceled. Based on their conversation with me, the merchant halted the shipment. What's interesting here is that the perpetrator of this fraud had my credit card number including the little secret number on the back, but not the card itself, which was in my wallet. So someone scanned my card at some point and used the information.

This occurrence caused me no harm apart from a few minutes of inconvenience on the telephone.

Most times, the situation you describe doesn't result in indentity theft. Still, I'd like to see the e-mail. I wonder what's going on.

Damnnnn, Mr. Dorr, now I can understand why you can afford to give away books! You have at least $18K in credit on one card. Nice!!! Seriously, credit card theft, ID theft, hell, any type of theft, may be a small inconvenience or a large one depending on what is stolen, but it's still makes you feel violated.

USMC0341
03-19-2013, 11:47 PM
I've had my personal info lost 3 times by nitwits who've "forgotten" a laptop on a plane, one had it "stolen" from his car, and the last time was the VA incident where an employee had it "stolen." I have often wondered if that were really the case in the two stolen ones (I knew the Gunny who forgot the one on the plane and he was quite a dumbass), or if was a scheme to make a couple bucks.

In each case I did get free credit reports for a year

BURAWSKI
03-20-2013, 12:15 AM
About 18 months ago my apartment was burglarized during the day while I was at work. I had 3 hard drives, a nice monitor, and a desktop CPU stolen. Also, some camera equipment and video recorder, clothes (they even stole my underwear!) and coin jar with at least $500.00 in quarters, dimes, nickles and pennies). It was really stupid of me to leave those hard drives out without backup and unencrypted. I plead guilty on that no doubt. The hard drives had every single piece of my identity including birth certificates, income tax returns for the last 10 years, W-2's, copy of my social security card, all of my latest and greatest bank and credit card info, etc. etc.).

Anywho, I'll be looking over my shoulder for the rest of my life. I've changed all of my accounts, reported to the 3 credit agencies, the VA, the Social Security Administration, as well as the Consumer Protection Bureau. It's an understatement that I should have known better. I'm hoping everyone has their personal info secure on their hard drives or at the very least backed up somewhere. I didn't even think I needed to do that. Definately do not do what I did by leaving stuff out unsecured. I never anticipated anyone burglarizing my apartment during the day while I was at work. It looked almost like a smash and grab; in and out real quick - it probably occurred right after I left in the morning too.

RobotChicken
03-20-2013, 12:30 AM
:spy Had a house down on 3k sw 40th ave in Hollywood,FLA for a spell..thing were a changing 'B'! Sold out and went home.:smash:car

BURAWSKI
03-20-2013, 12:35 AM
Yeah, I hear you. I lived in Miami Gardens at the time. Found out a few of my neighbors were Section Eight too! I moved to Miramar and a majority of my neighbors are cops and it's a gated community.

Quixotic
03-20-2013, 01:17 AM
Just to throw another bit of anti-identity-theft info out there:

You can have your credit reports frozen so that anyone who wants access to them has to get your permission first. It won't stop someone from being able to purchase stuff with your stolen credit card, but it will stop someone from being able to apply for a credit card, or any other form of credit, with your stolen information. I did it, it's relatively pain free and it's easy to temporarily lift the freeze if you need to buy a car, or a mortgage.

My two cents.

TJMAC77SP
03-20-2013, 10:13 AM
I don't get the stolen laptop issues.

My company encrypts every laptop. While of course, every encryption can be broken it takes resources beyond the scope of your average or even above average ID thief.

We got a call one day from a guy who had bought a laptop at the local Goodwill electronics resale store. He booted it up and the encryption warning banner which identifies our company popped up. He wanted us to give him the code so he could use his new laptop. What I found funniest was that the laptop, which had been reported lost was donated to Goodwill instead of sold to a pawnbroker or someone else.

Why doesn't every government agency encrypt their laptops?

ttribe
03-20-2013, 11:54 AM
Interesting. Someone made an $18,000 purchase with my Visa credit card a few days ago. The sale initially went through and as I later learned the merchant was preparing to ship, The Visa company spotted fraud immediately and telephoned me. Meanwhile, the merchant, who hadn't heard from my Visa company, had a funny feeling and found me on the phone 24 hours after my credit card company did. The merchant was able to locate me precisely because my information is out there in public, all over the place.

By then, I had a new credit card and my existing account had been canceled. Based on their conversation with me, the merchant halted the shipment. What's interesting here is that the perpetrator of this fraud had my credit card number including the little secret number on the back, but not the card itself, which was in my wallet. So someone scanned my card at some point and used the information.

This occurrence caused me no harm apart from a few minutes of inconvenience on the telephone.

Most times, the situation you describe doesn't result in indentity theft. Still, I'd like to see the e-mail. I wonder what's going on.

So, I guess it would be pointless for me to call Amazon and ask when my new 60" TV, Blue Ray, and big box of "Porn"ucopia is going to arrive. :ohwell