| How did this happen? |
A compact disks containing the personal information of non-appropriated fund retiree records was lost in the mail between Virginia to Texas. While there is no incident reported of unlawful use of this data, it is important for us to tell our customers of this loss so that they can prepare themselves.
|
| What’s the risk to me? |
If you are a retiree or received a refund between 1988 and 2011, your data may have been compromised, however, the likelihood of the data being in a criminal’s hands is low. We are considering this a loss of data, and not a theft.
|
| What actions are being taken? |
The command is reviewing current policies and practices to determine what must be changed to prevent similar occurrences in the future. The important thing to note is that the loss was discovered and reported right away, and measures have been taken to notify all those at risk.
|
| What can I do if i think my Personal Identifiable Information has been compromised? |
Based upon the risk assessment, Information Security experts believe it is unlikely the information on the computer will be compromised. However, there are steps readily available that you can take to as a preventive measure.
The Federal Trade Commission (FTC) Web site at: www.ftc.gov provides good sources of information to assist in the protection of potential identity theft.
“Fraud alert” is a free service and it is recommended that patrons on the database place a fraud alert on the credit file as a protective measure.
The fraud alert is for a period of 90 days, during which creditors are required to contact you before new credit is issued or an existing credit account is changed. This will help determine if your PII has actually been compromised.
|
| How do I initiate a "Fraud Alert"? |
Contact any one of the toll free “Big 3” consumer reporting agencies. They are then required to contact the remaining two to place a fraud alert on your credit report. Additional information can be found on what type of fraud alerts exist and made available to you on any one ofthe recommended sites.
|
| What are the “Big 3” consumer reporting agencies? |
TransUnion: 1-800-680-7289; www.transunion.com;
PO Box 6790, Fullerton CA 92834
Equifax: 1-800-525-6285; www.equifax.com;
PO Box 740241, Atlanta, GA 30374
Experian: 1-888-397-3742; www.experian.com;
PO Box 9532, Allen, TX 75013
|
| What is credit report monitoring? Can I get credit report monitoring? |
Credit report monitoring is the monitoring of your credit history in order to detect any suspicious activity or change in your credit history. Companies offer such services on a subscription basis, typically granting you regular access to your credit history, alerts of critical changes to your credit history, and additional services such as assistance in responding to fraudulent activity.
Credit monitoring can help you detect credit related fraud and identity theft, and is sometimes used after a breach of PII has been identified.
Based upon the risk assessment conducted, credit monitoring is not being offered at this time; however, “fraud alert” is available and free as a preventative measure. (See above.)
|
| How does this breach compare to others? |
There has been one incident of the theft of a laptop computer, which was a crime. This incident is a data loss, and no criminal activity has been reported, however, we feel it is our duty to alert our customers and give them the information they need to protect themselves.
|
Why did the CD have personal information on it?
Why were the CDs mailed to Texas?
Was there any bank or account data lost?
|
These compact disks contained backup information needed for a new computer system in Texas. The data is necessary for IMCOM to accurately fulfill its financial commitment to retirees. No retirement or refund payments were interrupted during this incident.
The department for retirement benefits was in the process of completing their Base Realignment and Closure (BRAC) move from Virginia to Texas. Before the process was complete, a computer upgrade was required which necessitated the use of the backup data. Express mailing the data was necessary to assure accurate and uninterrupted distribution of benefits promised by IMCOM.
There was no bank account information on the disk.
|
How did the NAF Benefits department collect such detailed information about me?
|
This information is collected in the process of preparing for the distribution of retirement benefits and refunds. It is necessary for the accurate and timely distribution of those benefits to our retirees.
|
Was the theft reported to CID?
Were any regulations or policies violated?
Is it legal/proper/within policy to ship this data via U.S. mail?
|
There was no theft of data, and no unlawful use of the information has been reported. The loss was reported to the Army’s Computer Emergency Readiness Team. While we consider this loss serious, no criminal activity is anticipated, however, our customers have been made aware.
There is no prohibition about using the U.S. mail in this way; however, the command is reviewing current policies and practices to determine what must be changed to prevent similar incidents.
The overall incident is under investigation.
|
Why aren't you paying for credit monitoring?
What's the difference between credit monitoring and an initial fraud alert?
|
In our initial review, the data loss has not resulted in any unlawful use, and criminal activity is not likely.
Because of the minimal threat to the information, officials at this time are advising affected patrons to initiate a fraud alert. This is a free service, through the credit reporting agencies that helps identify if PII is being used fraudulently.
Credit monitoring is a more comprehensive service, requiring annual or monthly payments, for people whose credit or identity has already been compromised. It takes further steps to protect the credit and identity, protects from future fraudulent actions, and assists in correcting credit records and eliminating credit accounts established illegally.
At this time, there is no indication that the data will be used unlawfully. We are treating this as a data loss, but are alerting our customers in accordance with regulation, good business practices, and common courtesy.
|
| How do I make a Formal Complaint under Privacy Redress Procedures? |
Should anyone want to make a formal inquiry, send it in writing:
Installation Management Command, G9
Attn: NAF Benefits PII Office
P.O. Box 340309
Fort Sam Houston, TX 78234
|
| Where do I submit Media Queries? |
All media queries should be directed to:
FMWRC Public Affairs Office,
Rober Dozier, 210-466-1002
robert.dozier1@us.army.mil
|
What is the purpose for calling the Social Security Administration?
|
You may contact the Social Security Administration but the best way to take action is to consider the guidance on the FTC.gov website.
|
| Will my retirement be affected? |
No, your retirement payments will not be affected.
|