[ISN] Air Force investigates data breach

InfoSec News isn at c4i.org
Mon Aug 22 04:14:37 EDT 2005


http://www.computerworld.com/securitytopics/security/story/0,10801,104080,00.html

By Linda Rosencrance 
AUGUST 19, 2005
COMPUTERWORLD

The U.S. Air Force is notifying more than 33,000 officers that their
personal data has been breached by a malicious hacker, the Air Force
said [1] today.

The hacker used a legitimate user's ID and password to access personal
information on the officers contained in the Assignment Management
System (AMS), an online program used for assignment preferences and
career management, the Air Force said. That data included career
information, birth dates and Social Security numbers.

Lt. Col. Michele Dewerth, a spokeswoman for the Air Force Personnel
Center (AFPC) at Randolph Air Force Base in Texas, said there has been
no evidence of identify theft.

A systems operator at the air base discovered the breach sometime
between May and June, Dewerth said. She declined to be more specific
because of the ongoing investigation.

"Immediately upon discovery we put more security measures in place,"  
she said.

The personnel center also notified Air Force and federal investigators
that there was unusually high activity on a single user's AMS account
in June, according to the statement.

"We notified airmen as quickly as we could while still following
criminal investigation procedures with the [Air Force's Office of
Special Investigations]," said Maj. Gen. Tony Przybyslawski , AFPC
commander. "Protecting airmen's personal information is something we
take very seriously, and we are doing everything we can to catch and
prosecute those responsible under the law."

The breach involved data on half of the force's approximately 70,000
officers. It also affected fewer than 20 enlisted personnel, the Air
Force said.

[1] http://www.afpc.randolph.af.mil/pubaffairs/release/2005/08/AMS.htm





More information about the ISN mailing list