On Aug. 18, personnel officials began notifying about 33,300
officers and 19 airmen that their records were accessed by a
still-unidentified information burglar.
The breach occurred in the May-June time frame. Further access was
stopped as soon as the break-in was discovered and, so far, no cases
of identity theft have been linked to the unauthorized access,
officials said.
Officials, in an effort to nab the identity thief, waited to alert
airmen that their personal information had been accessed. Now,
they’re letting the affected airmen know what steps to take to
protect themselves and their credit in the event that information was
stolen.
The information in the Assignment Management System could be a gold
mine for an identity thief. Besides Social Security numbers, it
includes other things protected under the Privacy Act, such as marital
status, number of dependents, date of birth, race/ethnic origin (if
declared), civilian educational degrees and major areas of study,
school and year of graduation, and duty information for overseas
assignments or for routinely sensitive units.
Officials are still withholding a lot of the details, citing the
ongoing criminal investigation. But they said the breach was
accomplished through one of the most vulnerable parts of any network:
The intruder logged on using a stolen password.
“Basically, we had an unauthorized user gain access to a single
user account by stealing a password,” said Lt. Col. John Clarke,
chief of the Systems Operations Division at the Air Force Personnel
Center. “Then they went in and accessed member information on
roughly 33,000 military members.”
The delay in notifying the potential victims was approved at the
highest levels of the Air Force, said Maj. Gen. Anthony Przybyslawski,
Personnel Center commander.
“Senior leadership of the Air Force knew about this from the
moment it happened,” he said. “We weren’t in a vacuum; it was a
complete buy-in from all parties involved. There wasn’t any rogue
two-star general sitting in San Antonio making decisions on this.”
Now, officials have launched an information blitz to get the word
out to the affected airmen.
Besides the individual letters being sent, they also are sending
e-mails where possible and are putting an information link on the
front page of the center’s Web site,
www.afpc.randolph.af.mil.
The home page will carry a link where airmen can enter their Social
Security numbers and determine whether their records were part of the
breach. If so, they will be linked to an online version of the
notification letter.
Local military personnel flights also will have lists of affected
airmen, Clarke said.
The letters and online notices include advice on how to check your
credit, how to file a fraud alert and who to contact if you suspect
identity theft. The notices also include the phone numbers and Web
links for the three major credit bureaus and the Federal Trade
Commission, the agency that deals with identity theft.
“There’s a lightly publicized amendment under the Fair Credit
Reporting Act that allows military members deployed away from home to
put an active-duty alert on for one year,” Clarke said. The alert
tells credit issuers to take extra steps to confirm your identity
before issuing new credit.
“The other thing it does is, it removes you from the
pre-screening lists for credit cards and insurance and all those other
things they sell the lists to, for two years,” Clarke said.
Affected airmen and officers also should let officials know if
there’s a problem, both to get legal help and give the investigators
more evidence with which to work.
“It’s an ongoing investigation, a joint investigation with
other federal law enforcement agencies,” said Capt. Regen Wilson,
spokesman for the Air Force Office of Special Investigations. “If
any Air Force members find any suspicious actions in their accounts,
they need to go to their legal office for advice and legal will notify
us.”
Air Force leaders had to try to balance the risk to airmen against
the possibility of catching the person or persons who went after the
information, Przybyslawski said.
“During this whole thing, the thing that overpowered all the
decision-making that we did in this, was all based on the airmen —
making sure we plugged the leak in the dike, making sure there were no
more leaks,” he said. “And we felt we had a strong obligation to
those airmen, also, to find out who was doing this so that we could
get a solid damage assessment of how far this went.
“We stopped the leak so it couldn’t happen anymore. And then we
turned it over to the OSI for them to try and catch the culprit.”
This was the first time the Air Force had faced this kind of
information breach — and there was no standard procedure for
handling it, as there is for something like an airplane crash,
Przybyslawski said.
Personnel officials went to the 8th Air Force network operations
center for help and called in the network security experts at the Air
Intelligence Agency. They also brought in the Air Force Office of
Special Investigations and legal specialists.
“There was a whole new series of cooperation, a coalition was
formed of many people who had expertise,” he said.
The breach was discovered late on a Friday afternoon and the
response team was brought together over that weekend, he said.
“We were on a full sprint come that first Monday,” he said.
The big question was how long to let OSI run with the
investigation, he said.
Personnel officials have increased the safeguards in the system to
make another such breach less likely.
That means it may be a little less convenient for the average
airman trying to legitimately access the system, but that’s the
trade-off for better security, officials said.
The Air Staff also is working on a new policy concerning computer
networks, Przybyslawski said.
“This gave us an indication that there are a lot of holes in our
policy, in not just how we do AMS. The last that I heard, there’s
over 100 systems out there that could have the same kind of
problem,” he said. “Now we’re going to apply lessons learned
across the entire enterprise.”