500,000 at Risk From Identity Theft (TriWest, gov contractor has computers stolen)

Salt Lake Tribune ^ | 12/27/2002 | JOSHUA FREED

[lelio]

Thieves who broke into a government contractor's office snatched computer hard drives containing Social Secu rity numbers, addresses and other records of about 500,000 service members and their families.
The company, Phoenix-based TriWest Healthcare Alliance, provides managed health care to the military in 16 s tates, including Utah. It serves about 1.1 million active-duty personnel, their dependents and retirees.
TriWest spokesman Jim Kassebaum said computer equipment stolen from a TriWest office in Phoenix on Dec. 14 c ontained names, addresses, phone numbers, medical claim histories, and Social Security numbers for beneficiaries in its central region, which covers the central United States. In a separate news release, the company also sai d a "few credit-card numbers were contained in the potentially compromised files."
The Defense Department's TRICARE medical program acknowledged the theft with a news release Monday, saying T riWest told it about the theft on Dec. 20.
Kassebaum said no one whose records were stolen has reported a fraud related to the theft.
"There's a potential for identity theft. It hasn't occurred yet," Kassebaum said. "It's a dark cloud hanging over us right now. If you know anything about identity theft, it's a little insidious, because until it happens , you can't do anything about it."
TriWest encouraged their enrollees in the 16 states to e-mail computerthefttriwest.com or visit www.triwest. com. And it set up a hot line at 888-339-9378, which will be staffed round-the-clock beginning Monday. The compa ny also said it plans to begin mailings to all 500,000 enrollees beginning today.
Kassebaum said the investigation is being handled by the Defense Department's Criminal Investigative Service and the FBI. An agent at the Phoenix office of the Criminal Investigative Service declined comment.
TriWest President and chief executive David McIntyre said the thief stole computer hard drives, raising the possibility that the equipment was taken specifically so the thief could get the information.
He said the building has "reasonable security. Not barbed wire and all of that, but reasonable security for a company."
He also defended the time delay in notifying federal authorities and enrollees.
He said the theft happened on Dec. 14, but wasn't discovered until Dec. 16. He said he was not told until De c. 19 that hard drives with personal information were missing.
TriWest's 16-state area includes Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebra ska, Nevada, New Mexico, North Dakota, South Dakota, Utah, Wyoming, and western Texas.
The break-in happened at one of TriWest's secondary buildings, which houses a call center and enrollment off ices.
TriWest's headquarters is in a separate building, Kassebaum said.
TriWest said that in response to the theft, the Defense Department has ordered all contractors within the TR ICARE system to "assess their current physical and electronic security."

[coloradan]

What penalties are associated with insecure storage of personal information? None. Should a gun registry be proposed, what measures will be taken to ensure they are not stolen? None are proposed.

[lelio]

I should of bolded some of the highlights. In a nutshell: a government contractor that "provides managed health care" to the military and contains servicemen's records had their computer stolen. Found out about it on slashdot.org
Don't know if this is just an opportunistic burglar or a targetted theft.

[USNBandit]

Tri West sucks. They do such a bad job of paying medical claims on time that it is hard to find a doctor that will still take Tricare patients. If you ever dispute a claim they never answer your calls, and there is never a chain of responsibility. I am in the process of appealing a denial of treatment for my son and Tri West won't even fulfill their obligations under Tricare regulations. Now on top of that my family's identities are at risk.

[hunter112]

I've seen Social Security numbers used under signatures on mortgages, which are then recorded in the county auditor's office, and become a public record. The address of the signers is always on the mortgage papers, too, unless it is their rental property, and would make it super simple for nasty types to get hold of this information. There's just way too much disclosure of people's information.

I believe that the solution is to stop tying the SSN to a person's credit record, some type of biometric data should be needed to even get a copy of a credit report, and to apply for credit. That's the only way to start to stem the tide of identity theft.

[fire_eye]

I believe that the solution is to stop tying the SSN to a person's credit record, some type of biometric data should be needed to even get a copy of a credit report, and to apply for credit. That's the only way to start to stem the tide of identity theft.

Yeah, sure. Giving everyone a Nazional-Socialistische ID number has turned into a disaster, so let's "fix" it by creating a huge government biometric database. Yeah, that'll fix everything.

[bluefish]

I'm afraid that was my thought, or worse. They have "enemy" families now. Don't know why the headline says they are at risk for identity theft. There is a much greater risk. I have a sick feeling in my stomach now.

[lelio]

Even the most sensitive information, collected by hospitals, schools, and courts, are not protected with any more care than a locked door.
And add to that "any third parties the original collector uses" -- does your hospital send their audio recordings of a doctor overseas to be transcribed? What's the security of that office building in India? The cable lines leading into it?
Its only a matter of time till someone realizes that people making $5/day will jump at $100 to do something as simple as copy files onto a disk.

[hunter112]

Yeah, sure. Giving everyone a Nazional-Socialistische ID number has turned into a disaster, so let's "fix" it by creating a huge government biometric database. Yeah, that'll fix everything.

While I understand your skepticism about a fix, it need not involve the government. I can envision private companies arising that will provide biometric verification to use in transactions, much as we have three competing credit reporting companies. I can pay a solid, trustworthy company a fee to produce an ID that is fakeproof, with a thumbprint or iris reader on my computer to verify my identity in online or ATM transactions. My fee would also pay for insurance against misuse, providing financial incentives to the company to deal harshly with wrongdoers, and security for companies not wanting to be stuck holding the bag for fraud.

The monster is already out there, and it uses simple little nine digit numbers that are child's play for even a stupid thief. We need a technological solution that is in keeping with a modern society.

Or, we can all go back to bartering everything for our living. I'll let someone else be Fred Flintstone, I'm going to be George Jetson.

[TheErnFormerlyKnownAsBig]

TriWest encouraged their enrollees in the 16 states to e-mail computerthefttriwest.com or visit www.triwest. com.

"Yes, I'm calling because you asked me to call after your computers were stolen?" "Does TriWest have any information to help us victims?"

"No, we just wanted your SSN again so we can re-enter the info into our new billing computers."