Shostack + Friends Blog Archive


US Air Force, 33,000 SSNs, Hacker

In : Half of USAF’s officers’ PII stolen, Chris points to stories about “AFPC notifies Airmen of criminal activity exposing personal info,” and “Air Force investigates data breach.”

AMS, an online program used for assignment preferences and career management, contains career information on officers and enlisted members as well as some personal information like birth dates and social security numbers, according to Col. Lee Hall, director of assignments at AFPC. It does not contain personal addresses, phone numbers or specific dependent information.

A malicious user accessed approximately half of the officer force’s individual information while only a handful of noncommissioned officers were affected, according to Lt. Col. John Clarke, AFPC’s deputy director of Personnel Data Systems. The individual used a legitimate user’s login information to access and/or download individuals’ personal information.

Air Force persnonnel can login into Military Personal Flight to see if they’re affected.

[Added: Annoying as it may be to those airmen to use a Navy site, the Navy Times has useful information in “ Thousands of Air Force officers’ ID files hacked:

“There’s a lightly publicized amendment under the Fair Credit Reporting Act that allows military members deployed away from home to put an active-duty alert on for one year,” Clarke said. The alert tells credit issuers to take extra steps to confirm your identity before issuing new credit.

(Navy Times article via Cotse’s Privacy Watch.)]