Personal Information Taken From Military

ASSOCIATED PRESS / New York Times ^ | 12/28/02 10:31 p.m. ET

[anymouse]

Thieves who broke into a government contractor's office snatched computer hard drives containing Social Security numbers, addresses and other records of about 500,000 members of the military and their families.

The company, Phoenix-based TriWest Healthcare Alliance, provides managed health care to the military in 16 states, including Minnesota. It serves about 1.1 million active-duty personnel, their dependents and retirees.

TriWest spokesman Jim Kassebaum said Thursday that no one whose records were stolen has reported a fraud related to the Dec. 14 theft.

``There's a potential for identity theft,'' Kassebaum said. ``If you know anything about identity theft, it's a little insidious, because until it happens, you can't do anything about it.''

The company said some credit-card numbers may also have been stolen.

The Defense Department's medical program said TriWest told it about the theft on Dec. 20.

TriWest has established a hot line and plans to begin mailings to all 500,000 enrollees on Friday.

Kassebaum said the investigation is being handled by Defense Department investigators and the FBI. Defense Department investigators in Phoenix declined comment.

TriWest President and chief executive David J. McIntyre Jr. said it was possible that the computer equipment was taken specifically for the information it contained.

He said the building has ``reasonable security. Not barbed wire and all of that, but reasonable security for a company.''

He defended the time delay in notifying federal authorities and enrollees, saying the theft wasn't discovered until Dec. 16. He said he did not learn until Dec. 19 that hard drives with personal information were missing.

[anymouse]

Wonder if some Islamofascist agents grabbed this military medical data for some nafarious purpose. Hope they track down the perps PDQ.

[anymouse]

Salt Lake Tribune/AP version:

http://www.sltrib.com/2002/dec/12272002/utah/14893.asp

Thieves who broke into a government contractor's office snatched computer hard drives containing Social Security numbers, addresses and other records of about 500,000 service members and their families.

The company, Phoenix-based TriWest Healthcare Alliance, provides managed health care to the military in 16 states, including Utah. It serves about 1.1 million active-duty personnel, their dependents and retirees.

TriWest spokesman Jim Kassebaum said computer equipment stolen from a TriWest office in Phoenix on Dec. 14 contained names, addresses, phone numbers, medical claim histories, and Social Security numbers for beneficiaries in its central region, which covers the central United States. In a separate news release, the company also said a "few credit-card numbers were contained in the potentially compromised files."

The Defense Department's TRICARE medical program acknowledged the theft with a news release Monday, saying TriWest told it about the theft on Dec. 20.

Kassebaum said no one whose records were stolen has reported a fraud related to the theft.

"There's a potential for identity theft. It hasn't occurred yet," Kassebaum said. "It's a dark cloud hanging over us right now. If you know anything about identity theft, it's a little insidious, because until it happens, you can't do anything about it."

TriWest encouraged their enrollees in the 16 states to e-mail computerthefttriwest.com or visit www.triwest.com. And it set up a hot line at 888-339-9378, which will be staffed round-the-clock beginning Monday. The company also said it plans to begin mailings to all 500,000 enrollees beginning today.

Kassebaum said the investigation is being handled by the Defense Department's Criminal Investigative Service and the FBI. An agent at the Phoenix office of the Criminal Investigative Service declined comment.

TriWest President and chief executive David McIntyre said the thief stole computer hard drives, raising the possibility that the equipment was taken specifically so the thief could get the information.

He said the building has "reasonable security. Not barbed wire and all of that, but reasonable security for a company."

He also defended the time delay in notifying federal authorities and enrollees.

He said the theft happened on Dec. 14, but wasn't discovered until Dec. 16. He said he was not told until Dec. 19 that hard drives with personal information were missing.

TriWest's 16-state area includes Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, South Dakota, Utah, Wyoming, and western Texas.

The break-in happened at one of TriWest's secondary buildings, which houses a call center and enrollment offices.

TriWest's headquarters is in a separate building, Kassebaum said.

TriWest said that in response to the theft, the Defense Department has ordered all contractors within the TRICARE system to "assess their current physical and electronic security."

[anymouse]

The Arizona Republic's version:

http://www.arizonarepublic.com/arizona/articles/1227recordtheft.html


Feds probe break-in at TriWest -
Military families may face risk of identity theft

Thieves who broke into a Phoenix office building two weeks ago got more than a bunch of expensive computer equipment. They also snatched confidential files on more than 500,000 military personnel and their families, setting off a federal probe.

Investigators have not determined whether the computer files were a target of the break-in, nor have they made any arrests. However, authorities have issued a warning about the potential for identity theft.

The burglars struck Dec. 14 at Phoenix-based TriWest Healthcare Alliance Corp., a government contractor that provides managed medical care to the military in 16 states, serving 1.1 million active-duty personnel, their dependents and retirees.

Company spokesman Jim Kassebaum said the computer equipment contained Social Security numbers, names, addresses, phone numbers and medical claim histories for beneficiaries in its 16-state central region, which includes Arizona. The company also acknowledged that a "few credit-card numbers were contained in the potentially compromised files."

"There's a potential for identity theft. It hasn't occurred yet," Kassebaum said. "It's a dark cloud hanging over us right now. If you know anything about identity theft, it's a little insidious because until it happens, you can't do anything about it."

TriWest President David McIntyre Jr. posted his regrets on the company Web site: "Since the motives for the crime are unknown at this time, it is important that you are aware that there is the possibility that the information may be misused . . . I apologize to you for any inconvenience that this incident may cause you or your family members. Be assured that TriWest is working around the clock . . . to inform beneficiaries and help them take the proper precautions to safeguard against any potential fraudulent activity or misuse of their stolen information."

The Defense Department's TRICARE medical program acknowledged the theft with a news release on Monday, saying TriWest told it about the theft on Dec. 20. In response to the theft, the Defense Department has ordered all contractors within the TRICARE system to "assess their current physical and electronic secur- ity."

Meanwhile, TriWest has set up a 24-hour hotline (1-888-339-9378) and an e-mail address (computertheft@ triwest.com) for people who may be affected by the theft. Kassebaum said the company plans to begin mailing information to those clients Friday.

The criminal investigation is being handled by the Defense Department's Criminal Investigative Service, the FBI and Phoenix police. An FBI spokesman in Phoenix declined comment.

The break-in happened at a TriWest secondary building that houses enrollment offices and a call center. Corporate headquarters is in a separate building, Kassebaum said.

TriWest's 16-state area encompasses Arizona, Colorado, Idaho, Iowa, Kansas, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, South Dakota, Utah, Wyoming and western Texas. Last year, the company obtained a four-year extension on its contract, worth $2.5 billion.

[American in Israel]

No identity theft? If the data was the target, this is a very serious esponage event. Not thieves. Knowing who is in the military would allow you to track and predict Americas military movements. Very serious stuff.The Perps need to be found and questioned by a military unit ASAP. This is a matter of National Security now.

It is like breaking into a house and stealing a computer only to find the local Mafia Don's books on it. Your arse is grass, ain't no apologising, just time to reap what you have sown.

[Cindy]

***STAR TRIBUNE.com: "THIEVES STEAL 500,000 SERVICE MEMBERS' RECORDS" (122702)

***GCN.com - GOVERNMENT COMPUTER NEWS: "THIEVES STEAL COMPUTERS CONTAINING DEFENSE HEALTH CARE DATA" by Matt McLaughlin (122402)

DEFENSELINK.mil - AMERICAN FORCES INFORMATION SERVICE: "MILITARY DEPLOYS DIGITIZED PATIENT RECORD" by Gerry J. Gilmore, American Forces Press Service (122302)

[Lilly]

Well said. I'm guessing this could be the work of another towel head.

[HiTech RedNeck]

Knowing who is in the military would allow you to track and predict Americas military movements

I assume the data showed who was assigned to what military unit...? There would have to be follow up spying on the people identified to map out who has been deployed, and such spying would have to be on a large scale and thus be difficult to keep clandestine. I'd sooner anticipate that whoever stole the data will shortly put it up on the Internet from a server in a foreign country, just to taunt the USA.

[Flyer]

a possibility that the data, rather than the hardware, was the target of the theft

That would be my guess. Laptops are an easy item to sell, but a loose hard drive? A typical dumb thief wouldn't know about hot swappable drives.

I think the only question is what the data was wanted for - military knowledge or financial fraud?

Houston Area Texans

[Bogie]

"My number 303 34 6754. I captain in American army. Me go into post now."

Cloud, cloud, cloud...(Humm, reminds me of a lot of the guys I had in basic. Oh well, it's a Clintonesque world of diversity out there!)

"Sure Captain, the road to the left leads to the warhead storage areas."

[Stavka2]

Great to know that they are so careful with our information...so lovely of them. /sarcasm. I'm sick and tired of this crap. The government always buy's the lowest bidder or the best briber and then everyone gets to suffer the after affects.

[Grassontop]

Didn't the Clintoons like stealing records and hiding them? Could it be? NO! YES! NO! Possibly YES! Possibly NO! Time will tell! (Sarcasm) We do know how the clintoons do things!

[AppyPappy]

I could solve this identity theft crisis. Make credit card companies and creditors liable for any debts based on fraud. They would stop making it so easy to get a credit card.

[Glenn]

Make credit card companies and creditors liable for any debts based on fraud.

Sorry. No room on the agenda for anything like that. It's too crowded with bills aimed at preventing anyone from going bankrupt. The lobbiests must be fed, eh?

[Arkinsaw]

Sorry. No room on the agenda for anything like that. It's too crowded with bills aimed at preventing anyone from going bankrupt. The lobbiests must be fed, eh?

I'm glad to see another conservative sharing my opinion of the bankruptcy changes. Usually I get slammed pretty good for holding the opinion that one should not run to the Congress to save oneself from handing out credit cards to bad credit risks.

[bkwells]

I am one who is affected by this and I don't like it one bit. I sent an email to ComputerTheft@TriWest.com and this is the automated response I got.

Thank you for contacting us regarding the recent theft of TRICARE information.

TriWest has produced the following Q&A that explains details of this break-in, the theft of computer equipment and what type of information was potentially compromised. We have also included resources that could be helpful with identity fraud. If you have questions that the Q&A doesn't answer, please call our toll -free line at 1-888-339-9378.

Rest assured that TriWest is working with the Department of Defense, the FBI and other local and federal agencies to address the theft of this computer equipment. Your patience and understanding as we fully investigate this matter is greatly appreciated.

- TriWest Healthcare Alliance

Q&A: Military Healthcare Information Stolen From TriWest Office

What happened?

TriWest experienced a break-in at one of its corporate offices in Phoenix on the afternoon of Saturday, Dec. 14, which resulted in the theft of computer equipment. The computer equipment housed data files that contained sensitive and personal TRICARE Prime beneficiary information including a beneficiary's claims history and Social Security Number (SSN). Although we have no information about the motive for the crime or whether the information will ever be accessed or misused, we wanted to advise beneficiaries of this situation so they could begin taking precautions to watch out for any unauthorized use of SSNs or credit-card accounts.

What information was stolen?

The stolen computer equipment housed data files that contained sensitive and personal Prime beneficiary information including SSNs. The Prime beneficiary information is the same as that contained on the TRICARE enrollment form. For some Active Duty Service Members, claims processing information may have been disclosed. This claims processing information includes the Active Duty Service Member's name, SSN, a list of the medical procedures and diagnosis codes for the services rendered, the dates of service, where the service was rendered, and the claim amount. No information regarding beneficiaries 65 and older was contained on the stolen computer equipment, unless those individuals were enrolled in Prime after January 1, 1999.

What is TriWest doing to assist beneficiaries?

TriWest will be communicating directly with TRICARE beneficiaries and health care providers whose information was contained on the stolen hard drives. These communications will focus on the fact that the information was stolen and that affected individuals can take some precautionary measures to help protect against the unauthorized use of their personal information by following recommendations provided by the Federal Trade Commission.

How are beneficiaries being notified?

TriWest will contact the beneficiaries via letter that will inform them about the incident, the potential for identity theft, and steps they should take to help protect against the unauthorized use of their information. Beneficiaries can access that information on the TriWest web site, , and also obtain news announcements, timely updates and links to useful government sites. For those beneficiaries who use the email service and still have questions, or for those individuals who do not have email or Internet access, a toll-free number has been established at 1-888-339-9378.

What if beneficiaries have questions?

Beneficiaries should contact TriWest directly via either of two dedicated channels. TriWest has established a toll-free number, 888-339-9378, and a website address, for beneficiaries who seek more information about this situation.

What steps is TriWest taking to ensure this doesn't happen again?

TriWest has taken necessary and prudent steps to enhance the physical and electronic security of existing computer systems and data files. Updated policies and procedures already have been implemented to improve security and ensure the integrity of the data we manage on the government's behalf. Specific changes implemented at both of TriWest's Phoenix corporate offices include the retention of a uniformed security guard at the Corp II facility for all after-hours time periods; the expansion of existing security systems including additional intrusion-detection devices at Corp II; and additional uniformed security guards at Corp I. A risk assessment of all TriWest servers in the field at TRICARE Service Centers is underway, and a comprehensive review of the company's data-security policies and procedures, including those for how employees manage materials in their work space, is being conducted.

Why the delay between the time of the incident and notification of affected parties?

A large number of data files had to be restored from backup tapes to determine the extent of the loss so that we could notify all affected individuals in an accurate manner. We continue to move forward as expeditiously as possible in hopes of mitigating any potential negative impact on the beneficiary population, which is our #1 priority, as well as other affected stakeholders such as the Department of Defense, network providers, subcontractors, etc.

What can you do to safeguard against identity theft or fraud?

If you suspect that your personal information has been misused to commit identity theft, take the following steps and keep a record of all your actions.

* FIRST, contact the fraud departments of each of the three major credit bureaus. Request that a "fraud alert" be placed in your file. Also ask them to place a statement that asks creditors to call you before opening any new accounts or changing any existing accounts. The credit bureau fraud departments are listed below. Their normal operating hours are Monday - Friday, 8:30 a.m. to 4:30 p.m.

TransUnion
Fraud Victim Assistance Department
P.O. Box 6790 Fullerton, CA 92834
Phone - 800-680-7289
Fax - 714-447-6034

Equifax Credit Information Services
Consumer Fraud Division
P.O. Box 105069 Atlanta, GA 30348
Phone - 800-525-6285

Experian
Experian's National Consumer Assistance
P.O. Box 1017 Allen, TX 75013
Phone - 888-397-3742

* SECOND, close or suspend any accounts you know or believe have been tampered with or opened fraudulently.

* THIRD, file a police report with your local police or the police in the community where the identity theft took place.

The Social Security Administration - www.ssa.gov - is an excellent source for information about Social Security Number theft or misuse. You can report allegations that an SSN has been stolen or misused to the SSA Fraud Hotline at 1-800- 269-0271. You should also periodically contact the SSA at 1-800-772-1213 to verify the accuracy of the earnings reported on your SSN, and may request a copy of your Social Security Statement. The following SSA resources are available on the Internet:

* SSA Fraud Hotline for Reporting Fraud -
* Social Security: Your Number and Card (SSA Pub. No. 05-10002) -
* When Someone Misuses Your Number (SSA Pub. No. 05-10064)(/a>

If you know that you are a victim of identity theft, file a complaint with the FTC by contacting the FTC's Identity Theft Hotline. Their toll-free telephone is 1-877-IDTHEFT (438-4338) or by direct dial to: 202-326-2502. You may also write to them at:

Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580

You can also access their web site at: www.consumer.gov/idtheft
. Ask for a copy of ID Theft: When Bad Things Happen to Your Good Name, a free comprehensive consumer guide to help you guard against and recover from identity theft. One of the best ways to catch identity theft is to regularly check your credit record. Order your credit report from each of the three major credit bureaus each year and make sure all the information is correct.

(INFORMATION CURRENT AS OF 6:30 PM MST, 12/26)

[Spunky]

The Social Security Administration - www.ssa.gov - is an excellent source for information about Social Security Number theft or misuse.

Until just this month my medical insurance card No. was my husbands S.S. No. I received a new one in the mail with a letter saying they were doing away with the S.S. No. as the Medical No. and to destroy the old cards.

It has gotten where everything requires your S.S. No. I tried to get quotes for Homeowners Ins. and they would ask for my S.S. No. When I would refuse they would say they couldn't give me a quote because the computer program required it.