Identity Thieves Hit NIH Credit Union
Scheme Is Latest in Spate of Breaches Affecting Millions

By Nancy Trejos
Washington Post Staff Writer
Thursday, June 29, 2006

The National Institutes of Health's federal credit union has notified some customers that their personal information has been compromised by an identity theft scheme, officials said yesterday.

Lindsay A. Alexander, chief executive of the credit union, would not disclose how many of the institution's 41,000 customers were affected, but she did say it was a small number. "They already know who they are, and we know who they are, and we're working with them," she said.

The Rockville-based credit union's clients include employees of NIH, several biotech companies and hospitals such as Sibley Memorial in Northwest Washington. Students and employees at George Washington University also have accounts there.

Alexander said she was not authorized to disclose many details about the case. She said the theft happened recently, but she would not specify when. She also said she could not reveal what type of information was stolen or how it was stolen.

Local and federal agencies are investigating, she said, but she would not identify which ones.

The announcement follows a spate of security breaches in recent months that have compromised the financial data of millions of people.

This month, a laptop containing personal data, including Social Security numbers, of 13,000 District government workers and retirees was stolen from the Southeast Washington home of an employee of ING U.S. Financial Services.

And last month, the U.S. Department of Veterans Affairs announced that the personal information of 26.5 million veterans and military personnel had been compromised after a laptop and external hard drive were stolen from an employee's home in Montgomery County.

Alexander said all of the credit union's customers would receive letters alerting them to the theft. The credit union is offering them several services to combat identity theft, such as free credit reports and monitoring for a year, Alexander said.

"At this point, we don't have any indication that the rest of our membership is affected, but we felt a great responsibility to let them know," Alexander said.

Matt Lindsay, a spokesman for George Washington University, said the school had spoken with Alexander and would send a campus-wide e-mail to notify employees and students. "We want to let them know, but we also want to make it very clear that this wasn't a GW system that broke down," he said.

View all comments that have been posted about this article.

© 2006 The Washington Post Company