Personal Data Were Posted on Navy Web Site

By Josh White
Washington Post Staff Writer
Saturday, July 8, 2006; A03

Personal records for every Navy and Marine Corps aviator or aircrew member who has logged flight hours in the past 20 years have been posted on a public Navy Web site for the past six months, compromising more than 100,000 Social Security numbers, the Navy Safety Center announced yesterday.

Investigators are working to determine how the records landed on the Navy Safety Center's Web site, which officials shut down Thursday after a member of the public reported finding the full names and Social Security numbers posted. Evelyn Odango, a spokeswoman for the safety center in Norfolk, said the list had been posted since December and appeared to be "inadvertent" and the result of "human error."

The security breach involving personal information is among several data losses involving the federal government in recent weeks, including the loss of records related to more than 26.5 million retirees and active-duty military personnel on a laptop that was stolen in May from a Veterans Affairs employee's home. The laptop was recovered last month.

The Government Accountability Office, the Agriculture Department, the Energy Department and the Internal Revenue Service all announced that they have had similar personal data compromised recently via Web site postings, Internet hackers and loss of electronic equipment. Two weeks ago, the Navy announced that personal information on 28,000 sailors and their family members was compromised when it appeared on a public Web site.

Odango said the Navy Safety Center list was discovered Thursday by someone not affiliated with the command, who then immediately reported it. She said the list includes all retired, active-duty and reservist personnel who have logged flight hours in the past two decades. The center is a command dedicated to improving the safety of Navy operations.

"That's the kind of information that is not supposed to be put on the Web site, and it was inadvertently posted," Odango said. "We don't have any proof that any of the information has been accessed or that it has been used illegally."

The information was included on 1,083 computer disks that were sent to all Navy and Marine Corps commands, Odango said, and Navy officials are working on recalling those disks.

Navy officials are encouraging anyone whose name could have been on the list to carefully monitor bank accounts, credit cards and other financial transactions to make sure the information is not being used fraudulently.

Those who might have been affected can contact the Navy Personnel Command call center at 866-827-5672 for more information. The call center should be active by the end of the weekend.

© 2007 The Washington Post Company