New information revealed Tuesday suggests that the personal information of active-duty armed forces personnel has been compromised as part of the ongoing Veterans Affairs data theft scandal.
U.S. Department of Veterans Affairs officials said yesterday that the names, Social Security numbers and dates of birth of about 2.2 million active-duty, National Guard and Reserve troops were likely stored on the same computer that was stolen from a VA employee's home last month. That device contained information on 26.5 million U.S. veterans.
The VA admitted earlier that the names of about 50,000 active-duty troops may have been involved, but came forth with the larger number after comparing its electronic records with those of the Pentagon.
This is the latest revelation in a widely publicized incident that refuses to go away. The VA confirmed May 22 that records for every veteran discharged from the military since 1975 were stolen from the home of an agency employee. The records contained the names, Social Security numbers and dates of birth of the veterans and some spouses.
Security experts have said the incident shows that public and private organizations must do more to protect the information they keep and that Congress must offer stronger guidance.
"This should be a major wake-up call that one small event can have a potentially dramatic impact on millions of lives," Paul Kurtz, executive director of the Arlington, Va.-based Cyber Security Industry Alliance, said last week. "I would think this should raise more awareness in the public consciousnesses."
However, some industry observers have suggested that the sheer bulk of stolen information may prove to be what protects many veterans' from identity fraud. Pete Lindstrom, research director of Spire Security LLC in Malvern, Penn., suggested in his Spire Security Viewpoint blog last week that there's a "finite limitation" to the number of Social Security numbers that may actually be used for fraud.
Given all the work required to convert Social Security numbers into financial gains, Lindstrom said it's best for each individual involved to be one of many.
Also in recent days, thieves have made off with notebook computers containing data belonging to former employees of supermarket chains Stop & Shop, Giants and Tops; Hotels.com customers; and Massachusetts and Rhode Island YMCA members, potentially putting more than 300,000 people at risk for identity theft.
This article originally appeared on SearchSecurity.com.
Dig deeper on Data governance strategy