Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Possible Compromise of Personnaly Identifying Information (PII)

  1. #1
    Senior Member
    Join Date
    Oct 2011
    Location
    Dayton, OH
    Posts
    131
    Mentioned
    0 Post(s)

    Possible Compromise of Personnaly Identifying Information (PII)

    I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.

  2. #2
    Senior Member Robert F. Dorr's Avatar
    Join Date
    Oct 2011
    Location
    Oakton, Virginia
    Posts
    894
    Mentioned
    0 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    Quote Originally Posted by Mcjohn1118 View Post
    I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.
    Interesting. Someone made an $18,000 purchase with my Visa credit card a few days ago. The sale initially went through and as I later learned the merchant was preparing to ship, The Visa company spotted fraud immediately and telephoned me. Meanwhile, the merchant, who hadn't heard from my Visa company, had a funny feeling and found me on the phone 24 hours after my credit card company did. The merchant was able to locate me precisely because my information is out there in public, all over the place.

    By then, I had a new credit card and my existing account had been canceled. Based on their conversation with me, the merchant halted the shipment. What's interesting here is that the perpetrator of this fraud had my credit card number including the little secret number on the back, but not the card itself, which was in my wallet. So someone scanned my card at some point and used the information.

    This occurrence caused me no harm apart from a few minutes of inconvenience on the telephone.

    Most times, the situation you describe doesn't result in indentity theft. Still, I'd like to see the e-mail. I wonder what's going on.

  3. #3
    Senior Member technomage1's Avatar
    Join Date
    Jul 2007
    Location
    Beyond the Rim
    Posts
    979
    Mentioned
    1 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    I pay $7 a month for credit and identity monitoring. Worth every penny in today's world. I've had my credit card number stolen 3 times.
    Newton's First Law of Motion

  4. #4
    Senior Member efmbman's Avatar
    Join Date
    Dec 2011
    Location
    Tennessee
    Posts
    1,042
    Mentioned
    2 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    Quote Originally Posted by Mcjohn1118 View Post
    I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.
    In addition to the bolded part, isn't it standard practice to give the monitoring service for free for a year in these cases? Many corporations do so in the event of disclosure. Any chance the government will do the same?
    When things go wrong in your command, start searching for the reason in increasingly larger concentric circles around your own desk.
    -GEN Bruce C. Clarke

  5. #5
    Senior Member efmbman's Avatar
    Join Date
    Dec 2011
    Location
    Tennessee
    Posts
    1,042
    Mentioned
    2 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    Quote Originally Posted by Mcjohn1118 View Post
    I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.
    In addition to the bolded part, isn't it standard practice to give the monitoring service for free for a year in these cases? Many corporations do so in the event of disclosure. Any chance the government will do the same?
    When things go wrong in your command, start searching for the reason in increasingly larger concentric circles around your own desk.
    -GEN Bruce C. Clarke

  6. #6
    Senior Member
    Join Date
    Feb 2012
    Location
    Dayon, Ohio
    Posts
    1,244
    Mentioned
    2 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    Quote Originally Posted by Mcjohn1118 View Post
    I received an email today through my chain of command of a possible compromise of PII. I will post the email tomorrow but I wanted to get this information out there. The email stated in effect that a MSgt at the Air Force Personnel Center sent an unencrypted email to his home email account with a spreadsheet on information pertaining to SMSgt selects and Joint Spouses. This information contained names, ranks, social security numbers and dates of birth. There was mention that this could possibly affect 6,000 people. The officials did not know, yet, if there was compromise but the email was sent for situational awareness about protection of PII. What strikes me as odd are a few things. First, what was this MSgt's intent? Was s/he trying to be that "cool" person by getting the promotion information to then later on tell some friends? Was this MSgt trying to be the "one" who takes work home for whatever reason. NOTE to this MSgt: Stop taking work home with you dude! You don't get over-time! Why no instructions to possibly call one of the three credit reporting agencies to put a possible fraud alert for 90-days on your credit report? Anyway, did anyone else see this information or have anything else to add? Again, I will attempt to post this email tomorrow.
    It is really scary the amount of PII that a typical office worker has access to. I remember one time when I creeped some of my co-workers out by making a joke about how much this information would be worth on the black market. I am not sure what other AFSCs have but at Finance I could find just about anything I wanted. Here is a list of things I could know about anyone I wanted (back when I worked military pay):

    1. Full Name
    2. SSN
    3. Current and any previous address
    4. Banking Information (as well as previous)
    5. Amount and institution for any allotment paid out their pay
    6. Marital Status
    7. Childrens and Family SSN (if listed on orders from last PCS)
    8. Several other less relevant but useful items.

    So now imagine if a person were to compile a spreadsheet of information on say a few thousand military members. How much would that information be worth on the black market? I would venture to say thousands if not maybe hundreds of thousands. I am quite honestly amazed no one has done it yet. It always scared me to death that the military makes you provide your social to lots of organizations who have no business needing it. I know a fix is in the works for this but it is taking way too long and way overdue.

    P.S. The fix I heard proposed is for everyone to use their DoD ID number (the number assigned to your Common Access Card) and only organizations that really need your SSN will have access.

  7. #7
    Senior Member efmbman's Avatar
    Join Date
    Dec 2011
    Location
    Tennessee
    Posts
    1,042
    Mentioned
    2 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    Quote Originally Posted by SomeRandomGuy View Post
    It is really scary the amount of PII that a typical office worker has access to. I remember one time when I creeped some of my co-workers out by making a joke about how much this information would be worth on the black market. I am not sure what other AFSCs have but at Finance I could find just about anything I wanted. Here is a list of things I could know about anyone I wanted (back when I worked military pay):

    1. Full Name
    2. SSN
    3. Current and any previous address
    4. Banking Information (as well as previous)
    5. Amount and institution for any allotment paid out their pay
    6. Marital Status
    7. Childrens and Family SSN (if listed on orders from last PCS)
    8. Several other less relevant but useful items.

    So now imagine if a person were to compile a spreadsheet of information on say a few thousand military members. How much would that information be worth on the black market? I would venture to say thousands if not maybe hundreds of thousands. I am quite honestly amazed no one has done it yet. It always scared me to death that the military makes you provide your social to lots of organizations who have no business needing it. I know a fix is in the works for this but it is taking way too long and way overdue.

    P.S. The fix I heard proposed is for everyone to use their DoD ID number (the number assigned to your Common Access Card) and only organizations that really need your SSN will have access.
    For my last 7 years, I was a healthcare recruiter for the Army. Everyone I put in boots was an officer and therefore had all the bells and whistles of a secret clearance. In addition, I had every tidbit of info regarding their education and professional practice to include DEA licenses (narcotic prescriptions) and such. Believe it or not, at least 2 healthcare recruiter laptops holding this information for perhaps hundreds of potential officers were lost or stolen every year. Crazy.
    When things go wrong in your command, start searching for the reason in increasingly larger concentric circles around your own desk.
    -GEN Bruce C. Clarke

  8. #8
    Senior Member
    Join Date
    Oct 2011
    Location
    Dayton, OH
    Posts
    131
    Mentioned
    0 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    Quote Originally Posted by Robert F. Dorr View Post
    Interesting. Someone made an $18,000 purchase with my Visa credit card a few days ago. The sale initially went through and as I later learned the merchant was preparing to ship, The Visa company spotted fraud immediately and telephoned me. Meanwhile, the merchant, who hadn't heard from my Visa company, had a funny feeling and found me on the phone 24 hours after my credit card company did. The merchant was able to locate me precisely because my information is out there in public, all over the place.

    By then, I had a new credit card and my existing account had been canceled. Based on their conversation with me, the merchant halted the shipment. What's interesting here is that the perpetrator of this fraud had my credit card number including the little secret number on the back, but not the card itself, which was in my wallet. So someone scanned my card at some point and used the information.

    This occurrence caused me no harm apart from a few minutes of inconvenience on the telephone.

    Most times, the situation you describe doesn't result in indentity theft. Still, I'd like to see the e-mail. I wonder what's going on.
    Damnnnn, Mr. Dorr, now I can understand why you can afford to give away books! You have at least $18K in credit on one card. Nice!!! Seriously, credit card theft, ID theft, hell, any type of theft, may be a small inconvenience or a large one depending on what is stolen, but it's still makes you feel violated.

  9. #9
    Senior Member
    Join Date
    Dec 2011
    Location
    Transient
    Posts
    193
    Mentioned
    0 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    I've had my personal info lost 3 times by nitwits who've "forgotten" a laptop on a plane, one had it "stolen" from his car, and the last time was the VA incident where an employee had it "stolen." I have often wondered if that were really the case in the two stolen ones (I knew the Gunny who forgot the one on the plane and he was quite a dumbass), or if was a scheme to make a couple bucks.

    In each case I did get free credit reports for a year
    Disclaimer: All names, dates and locations have been changed in order to protect the guilty.

  10. #10
    Senior Member BURAWSKI's Avatar
    Join Date
    May 2008
    Location
    Miami, Florida
    Posts
    305
    Mentioned
    3 Post(s)

    Re: Possible Compromise of Personnaly Identifying Information (PII)

    About 18 months ago my apartment was burglarized during the day while I was at work. I had 3 hard drives, a nice monitor, and a desktop CPU stolen. Also, some camera equipment and video recorder, clothes (they even stole my underwear!) and coin jar with at least $500.00 in quarters, dimes, nickles and pennies). It was really stupid of me to leave those hard drives out without backup and unencrypted. I plead guilty on that no doubt. The hard drives had every single piece of my identity including birth certificates, income tax returns for the last 10 years, W-2's, copy of my social security card, all of my latest and greatest bank and credit card info, etc. etc.).

    Anywho, I'll be looking over my shoulder for the rest of my life. I've changed all of my accounts, reported to the 3 credit agencies, the VA, the Social Security Administration, as well as the Consumer Protection Bureau. It's an understatement that I should have known better. I'm hoping everyone has their personal info secure on their hard drives or at the very least backed up somewhere. I didn't even think I needed to do that. Definately do not do what I did by leaving stuff out unsecured. I never anticipated anyone burglarizing my apartment during the day while I was at work. It looked almost like a smash and grab; in and out real quick - it probably occurred right after I left in the morning too.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •