Tricare data breach affects 4,700 families

December 10, 2007

By Karen Jowers - Staff writer

Letters are in the mail to about 4,700 households who submitted claims through the Tricare Europe office since 2004 about a data breach involving their personal information - a month after the breach was reported.

Most of those affected have since moved from Europe.

Electronic Data Systems notified Tricare on Nov. 7 that they had not properly secured a part of the system it maintains for Tricare, and "certain external entities" had been allowed access to a file with personal information.

That file contained full or partial Social Security numbers. For one or more members of each household, it included their name, date of birth, and a medical diagnosis code associated with a health benefits claim submitted to Tricare Management Activity.

"We don't think this is a malicious intrusion," said Julie Basa, a spokeswoman for EDS, an information technology company that supports a health benefits system for the Defense Department's Tricare Management Activity. There has been no indication that any data has been misused, she said.

Letters were sent Dec. 4 to the 4,700 households. The month's lag in time between the discovery and the notification of those affected "is due to the time needed to analyze what happened, what/how much data was affected, the level of the compromise, and then of course to match affected beneficiaries up with addresses," said Tricare spokeswoman Bonnie Powell, in an e-mail response to questions.

EDS officials had to determine which information was accessed, Basa said. "We met all the DoD notification requirements. We did that within the 10-day time frame of knowing who was affected," she said.

Most of those notified now have permanent residences in the U.S., Powell said. "We are making every effort to notify them," Basa said, noting that if a letter is returned to them, they will find the correct address.

EDS officials' letter to beneficiaries states that the data breach was discovered during a security review of a computer system that EDS maintained for the Tricare Management Activity. The information that was potentially compromised existed between 2004 and 2007, EDS officials said.

EDS has modified its security system. While they have not seen indications of misuse, they said, they are informing beneficiaries of steps they can take to protect themselves.

When personal information is stolen, it can be used to commit identity theft. Thieves can obtain new credit cards and get loans under the victim.s name and Social Security number and run up large bills before the victim realizes his or her credit is being ruined.

To help the Tricare households monitor their credit reports, EDS is providing a free one-year enrollment in Equifax Credit Watch Gold to each affected adult member in the household. This provides comprehensive credit file monitoring of credit reports at all three major credit agencies, of which Equifax is one; automatic notification of key changes to credit files; and $20,000 in identity theft protection with no deductible.

An incident response center has been set up to answer questions, available 8 a.m. to 8 p.m. Eastern time Monday through Friday, through Feb. 1, at (800) 556-3195. Those outside the U.S. should dial their country.s AT&T USADirect. Collect calls will also be accepted at (856) 651-4297 if the toll free number does not work.

More information is available from Tricare.

main page ATTRITION feedback