An online intruder has disappeared into the wild blue yonder with personal data on
approximately half of the U.S. Air Force’s 70,000 officers. The information stolen includes birth dates and Social Security numbers on about 33,000 officers, military officials confirmed Friday.
The hacker apparently used a legitimate user’s login information to access and/or
download individuals’ personal information. The Air Force became aware of
the hack in June, after unusually high activity was discovered in a single
user’s Assignment Management System (AMS).
According to the Air Force Personnel Center (AFPC) at Randolph Air Force
base in San Antonio, “not one incident of identity theft has been linked to
this unauthorized access.”
The AMS is an online program used for assignment preferences and career
management. It contains birth dates and Social Security numbers but does not hold personal addresses, telephone numbers or specific information on dependents.
“We notified airmen as quickly as we could while still following criminal
investigation procedures,” Maj. Gen. Tony Przybyslawski of the AFPC said in
a statement released Friday. “We’ve taken steps to increase our system
security. We’re working with all Air Force agencies to identify
vulnerabilities.”
In a letter to service personnel, Przybyslawsk said while the AMS records do
not contain pay information, the stolen data could be potentially used to
gain access to other systems that control military pay, direct deposits and
other allotments.
He urged officers to login to an Air Force site and check if their information
was viewed. If it was, they receive a pop-up banner after login that will
provide more information. Przybyslawski also urged the officers to follow
Federal Trade Commission guidelines for dealing with identity theft. Under
the Fair Credit Reporting Act, everyone is entitled to one free credit check annually as part of new identity theft prevention measures.
“For the Air Force’s part, we are conducting a wall-to-wall review of our
personnel-related data systems to maximize the security of the systems,”
Przybyslawski wrote. “This may cause some inconvenience to users as we
increase our access requirements, but in the long run it will be our best
way to protect our members against theft of personal information.
In addition to birth dates and Social Security numbers, the information
accessed in the hack includes marital status, number of dependents, civil
educational degrees and major areas of study, school and year of graduation
and duty information for overseas assignment.
“I also want to assure you that immediately upon discovery of the
unauthorized access, we removed the AMS from service so that a complete
security review could be done,” Przybyslawsk wrote. “A criminal
investigation also began immediately; we delayed sending you this notice for
a short time to give our law enforcement officials the best opportunity in
the early critical time period to catch the perpetrator.”
