PII Has No Shelf Life

By Steve Muck - Published, May 14, 2008

The following synopsis of a recently reported loss or breach of personally identifiable information (PII) highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy office.

On Jan. 5, 2008, a government employee was notified by the local police department that "someone had stolen his identity and was about to use his credit card to buy a big screen TV at a major department store." Four suspects were arrested when an alert salesperson became suspicious of the purchase.

One of the suspects was in possession of a two-page report dated 1994 containing government employment data. That same individual had in his possession other credit cards, four of which were related to additional names in the compromised report. The report contained names, Social Security numbers, dates of birth, organization codes, position titles and other employment-related data.

It is unknown how the individual(s) came to be in possession of this hard copy report and whether additional pages of this report have also been compromised.

All affected employees and former employees whose information appears on the compromised list have been notified or are in the process of being notified.

The Naval Criminal Investigative Service (NCIS), the Federal Bureau of Investigation (FBI) and the Secret Service were all involved to some extent in this first-of-a-kind Department of the Navy identity theft incident.

Lessons Learned

  • Compromised PII data can be used by thieves for many years to come.
  • Wherever possible, delete Social Security numbers and sensitive personal information from any list, database or e-mail before transmission or storage. SSNs are a critical element for bad guys to use in stealing personal identities.
  • Routinely review files and destroy PII by making it unrecognizable when no longer needed.
  • With any identity theft, immediately file a police report, contact the Federal Trade Commission web site at www.ftc.gov/idtheft and close any accounts that have been tampered with or established fraudulently. The FTC also recommends that you place a "Fraud Alert" on your credit reports and review the reports carefully.

Steve Muck is the DON CIO privacy team lead.
