Data Theft Affected Most in Military

By Ann Scott Tyson and Christopher Lee
Washington Post Staff Writers
Wednesday, June 7, 2006

Social Security numbers and other personal information for as many as 2.2 million U.S. military personnel -- including nearly 80 percent of the active-duty force -- were among the data stolen from the home of a Department of Veterans Affairs analyst last month, federal officials said yesterday, raising concerns about national security as well as identity theft.

The department announced that personal data for as many as 1.1 million active-duty military personnel, 430,000 National Guard members and 645,000 reserve members may have been included on an electronic file stolen May 3 from a department employee's house in Aspen Hill. The data include names, birth dates and Social Security numbers, VA spokesman Matt Burns said.

Defense officials said the loss is unprecedented and raises concerns about the safety of U.S. military forces. But they cautioned that law enforcement agencies investigating the incident have not found evidence that the stolen information has been used to commit identity theft.

"Anytime there is a theft of personal information, it is concerning and requires us and our members to be vigilant," Pentagon spokesman Bryan Whitman said. He said the loss is "the largest that I am aware of."

Army spokesman Paul Boyce said: "Obviously there are issues associated with identity theft and force protection."

For example, security experts said, the information could be used to find out where military personnel live. "This essentially can create a Zip code for where each of the service members and [their] families live, and if it fell into the wrong hands could potentially put them at jeopardy of being targeted," said David Heyman, director of the homeland security program at the Center for Strategic and International Studies (CSIS).

Another worry is that the information could reach foreign governments and their intelligence services or other hostile forces, allowing them to target service members and their families, the experts said.

"There is a global black market in this sort of information . . . and you suddenly have a treasure trove of information on the U.S. military that is available," said James Lewis, director of technology and public policy at CSIS.

One defense official, speaking on the condition of anonymity because of the sensitivity of the matter, called the extent of the data loss "monumental."

The new revelations significantly increase the potential harm from what was already one of the largest data breaches in U.S. history. On May 22, VA disclosed that an external computer hard drive was stolen May 3 from the home of a VA employee and that it contained unencrypted names and birth dates for as many as 26.5 million veterans who were discharged after 1975 or submitted benefit claims. It also included Social Security numbers for 19.6 million of those veterans, VA officials said.

Initially VA thought that all of the 26.5 million people affected were veterans, but a database comparison revealed that they also included the bulk of active-duty military services, as well as more than 1 million members of the National Guard and reserves.

Montgomery County police released a description yesterday of the stolen laptop and its external hard drive because they said it may have been purchased by someone who does not realize the value of its content. "It could have shown up at a yard sale or a secondhand store," police spokeswoman Lucille Baur said. "This is a time of the year when parents may be buying computers for kids going to college in the fall."

CONTINUED     1        >

© 2006 The Washington Post Company