All Department of the Navy personnel should continue to increase their level of awareness about properly safeguarding personally identifiable information (PII). To learn more about properly safeguarding PII, go to http://privacy.navy.mil.
The synopsis below of a recently reported loss or breach of PII highlights common mishandling mistakes made by individuals within the Department of the Navy. Incidents such as this will be reported in each subsequent CHIPS magazine to increase PII awareness. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
On 5 Jan. 2008, a government employee was notified by the local police department that "someone had stolen his identity and was about to use his credit card to buy a big screen TV at a major department store." Four suspects were arrested when an alert salesperson became suspicious of the purchase.
One of the suspects was in possession of a two-page report dated 1994 containing government employment data. That same individual had in his possession other credit cards, four of which related to additional names in the compromised report. The report contained names, Social Security numbers, date of birth, organization code, position title and other employment related data.
It is unknown how the individual(s) came to be in possession of this hard copy report and whether additional pages of this report have also been compromised.
All affected employees and former employees whose information appears on the compromised list have been notified or are in the process of being notified.
The Naval Criminal Investigative Service (NCIS), the Federal Bureau of Investigation (FBI) and the Secret Service were all involved to some extent in this first of a kind Department of the Navy identity theft incident.
Lessons Learned
• Compromised PII data can be used by thieves for many years to come.
• Wherever possible, delete Social Security numbers and sensitive personal information from any list, database or e-mail before transmission or storage. SSNs are a critical element for bad guys to use in stealing personal identities.
• Routinely review files and destroy PII by making it unrecognizable when no longer needed.
• With any identity theft, immediately file a police report, contact the Federal Trade Commission Web site (www.ftc.gov/idtheft) and close any accounts that have been tampered with or established fraudulently. The FTC also recommends that you place a "Fraud Alert" on your credit reports and review the reports carefully.
The DON Chief Information Officer Robert J. Carey discussed the importance of protecting PII via podcast. The podcast is available on the DON CIO Web site at www.doncio.navy.mil and on the Navy Privacy Office Web site at http://privacy.navy.mil.
Steve Muck is the DON CIO critical infrastructure protection and privacy team lead.