SAIC said yesterday that a computerized database containing personal information on military personnel and their families in about 580,000 households may have been compromised.
The San Diego defense contractor, also known as Science Applications International Corp., was processing the data under contracts related to TRICARE, the health benefits program for the armed services, retirees and their families.
The company said the personal information varies, “but could include combinations of names, addresses, Social Security numbers, birth dates and/or limited health information in the form of codes.”
The health care database included service members of the Navy, Army, Air Force and Department of Homeland Security.
The information was stored on a single SAIC-owned, nonsecure server in Shalimar, Fla., SAIC spokeswoman Melissa Koskovich said by e-mail yesterday. In some cases, data were transmitted over the Internet in an unencrypted form.
“Forensic analysis has not yet yielded any evidence that any personal information was actually compromised or that anyone 'broke in' to the server,” Koskovich wrote.
“There's a little bit of mystery about it,” said Alan Paller, director of research for the SANS Institute, a Maryland-based cooperative for system administrators and network security. “What you got was enticing, but it's hard to tell from their statement what happened. We don't know enough to even hypothesize.”
The company told The Associated Press that it was notified May 29 by the Air Force in Europe that it had detected an unsecured transmission of health care information. SAIC said it has since fixed the security problems and advised the people who might be affected.
Koskovich could not say what percentage of the 580,000 households are deployed overseas. Those people probably would face the biggest hardships in trying to deal with any problems.
The biggest risk in such incidents usually is identity theft, in which criminals use someone's Social Security number and other personal information to authenticate fraudulent purchases and drain bank accounts.
SAIC said it has arranged to provide free assistance to affected people through Kroll Inc., which will provide information on credit, fraud and identity-theft matters. Kroll also will staff an “incident response center” with extended hours for the convenience of service members posted overseas.
The largest breach of consumer information was disclosed in March by the TJX Cos., the Massachusetts-based operator of off-price retailers such as T.J. Maxx and Marshalls. The company said credit-and debit-card data on at least 45.7 million customers were stolen through a massive, long-term electronic break-in.
Bruce Bigelow: (619) 293-1314; bruce.bigelow@uniontrib.com
