Heroes’ PII released by contractor on internet

September 28, 2012

Someone who was interviewing Sal Giunta this afternoon called and told me about this thing in the Army Times today about how the personally identifiable information (PII) for our highest decorated veterans was temporarily posted on the internet by a contractor:

The exposed database contains 31 Social Security numbers for six MoH recipients — including former Staff Sgt. Sal Giunta and Sgt. First Class Leroy Petry and four posthumous recipients — and 25 Distinguished Service Cross recipients since Sept. 11, 2011.

Erik Muendel, chief executive officer of Brightline, told Army Times he was unaware of the breach and did not know how the file wound up online, but he was investigating what was posted and how it got there.

He said Brightline makes use of such data as part of a contract with the Army Chief of Public Affairs office to build a “Gallery of Heroes” exhibit at the Association of the United States Army conventions.

He said his firm is meant to receive only unclassified information, and he was surprised the firm was provided with sensitive information.

“I’m assuming that that file was a derivative of information that was provided to us, but I do not know,” Muendel said.

Yeah, it wasn’t Brightline’s fault that they were careless with information. I’ll tell you guys like I passed on to Sal, get Lifelock. It costs $100/year, but it’s like life insurance – you don’t need it until it’s too late. The Department of Veterans’ Affairs and the Defense Department toss around your PII like so much confetti.

My wife went to buy a car and put me down as the co-signer and Lifelock called me while she was still at the dealer so I know it works.

Usually, the DVA and DoD don’t even tell you about these breaches of your PII until months after it happens, so be prepared beforehand. These guys are just lucky that it was Doug Sterner who discovered the breach this time.

Category: Veterans Issues, Veterans' Affairs Department

13 Comments
H1

Lock your credit with the three vendors.
$10 per vendor per person.
Made life interesting when I went to get my first real cell phone (Tracfone previously).
They couldn’t do a credit check, info was locked out.

Virtual Insanity

“…as part of a contract with the Army Chief of Public Affairs office to build a “Gallery of Heroes” exhibit at the Association of the United States Army conventions.”

Why does this require any PII at all?

crucible

#2 Exactly!

Chip@NASA

One thing that I do is note on my white board in my office what Bureau report I have asked for. I think the first part of the year I requested Experian. In MD (check your state) we are allowed to request one copy from each credit bureau, free, once a year. What I do is like in Jan request Experian, then in May I ask for TransUnion and then in Sept/October I get my Equifax report. I also can call, free, and put a fraud alert on my account over the phone and that’s good for either 60 or 90 days, I can’t remember which. You don’t have to verify anything, just press the buttons on the phone. If you want to go through the trouble, or if you believe you have been a victim of fraud, you can put a request in writing and they put a fraud alert on your account for a year. I also know there’s a special alert for military members that can be put on there for a year as well. I have to get off my butt and do that this weekend.

Virtual Insanity

Jonn, looks to me like there’s culpability both on the gov side (who SENT that stuff to them? WHY?) and the contractor (Who thought posting that stuff was a GOOD idea?)

“According to an operations order obtained by Army Times, Human Resources Command was tasked with providing OCPA with the names, pictures and award citations for all recipients of the Silver Star, Distinguished Service Cross and Medal of Honor since September 2011.”

Looks like someone at HRC took a shortcut to Stupidville.

Doug Sterner

What gets me is, for the last several years DOD has fought the idea of an awards database, saying it can’t be done. They denied a 2006 FOIA for GWOT Silver Stars to the “Baltimore Sun” on the “basis it couldn’t find them all.” At last February’s Congressional hearing DoD representatives said such a database could be done. And here, all this time, they’ve had that DB in progress and very accurate.

2-17 AirCav

Every screw-up has consequences. The major impediment to bureaucrats’ foreseeing and avoiding screw-ups is that they don’t connect the dots between what they are doing or not doing in their cubicles to an actual human being out here in the world.

Common Sense

“and four posthumous recipients”

In case someone doesn’t know, your SS#, name and address are public information after your death. The SSDI is a common source for genealogists.

Virtual Insanity

#8 Common Sense:

Okay, then, 4 out of 31 are excusable.

Parachute Cutie

Jonn, Sal did sign up for Lifelock and he thanks you for that recommendation. Although the Army Times says that only the MoHs and the DSCs were involved someone told me that there were SS#s for Silver Star Recipients on the document, too. I haven’t seen the document and don’t want to but am going to circle back and ask them to look at the document again – which was emailed to them today. The person who got that email was NOT happy.

I think that friggin contractor should have to pay for Lifelock for them for the rest of their lives.

Doug Sterner

There were NO SSNs for Silver Star recipients in the document. I can POSITIVELY CONFIRM that…only for the MOH/DSC recipients…all 31 of them.

OWB

Is the Privacy Act of 1974 no longer in effect? We were literally threatened with all sorts of very bad stuff if we even LOOKED at someone else’s SSAN without a very good reason. We could not say one aloud over the phone. We could not write one down on a piece of paper.

And on the few occasions when I actually needed one, it was an arduous task to get it.

So what has changed? Have people really become this uncaring, lazy, or whatever causes such stupidity?

Jon The Mechanic

Can we hold them accountable in some way for this stupidity?

Require that they pay for any fraud that is the result of this breach, or something…