How did this event occur?
Data files needed to analyze payroll expenses were inappropriately transferred from a secure government server to an environment that is outside the Department of Defense system.
How many people could this affect and whom?
Approximately 868,000 current and former Army National Guard members; current and former members of the Army National Guard who were in a paid status from October 2004 to October 2014.
How much information may have been compromised?
Data files containing the individual names, full social security number, home address, and date of birth for about 868,000 former and current Army National Guard members that served since 2004.
How were the potential affected personnel alerted?
The Adjutants General for each State were notified of the incident on July 9th, 2015. The National Guard Bureau posted a source page at http://www.nationalguard.mil/Features/IdentityTheft.aspx that provides helpful steps on how to check credit reports, how to guard against identity theft, and who to call to report fraudulent activity using personal information. The National Guard Bureau established a toll-free call center number (877) 276-4729, (703) 607-7130 or (703) 607-9779 available from 8 a.m. to 4 p.m., Eastern Standard Time, Monday through Friday. The article posted at http://www.nationalguard.mil/News/ArticleView/tabid/5563/Article/607769/army-national-guard-announces-data-breach-establishes-call-center.aspx informs the public of the above resources. Additionally, a notice was sent to each State National Guard Adjutant General to disseminate to all members of their respective Army National Guard.
How can I tell if my information was compromised?
At this point there is no evidence that any data has been used illegally. However, as with any breach, there are some risks. The Federal Trade Commission recommends each individual to be extra vigilant and carefully monitor bank statements, credit card statements and any statements relating to recent financial transactions. If you notice unusual or suspicious activity, you should report it immediately to the financial institution involved.
What do I do if I think my personal identity information has been compromised?
Websites such as onguardonline.gov and consumer.ftc.gov are helpful sources of information to assist in the protection of potential identity theft. You have the option to place a fraud alert on your credit reports and review your credit reports for any suspicious activity. Close any accounts you know or believe to have been tampered with or opened fraudulently. File a complaint with the Federal Trade Commission and a report with the local police were the incident may have occurred.
What is being offered?
Fraud alert is available and free to Soldiers as a preventative measure if they think their personal identity information has been compromised. You can also call (703) 607-7130 or (703) 607-9779 between 8 a.m. to 4 p.m., Eastern Standard Time, Monday through Friday.
I haven't noticed any suspicious activity in my financial statements, but what can I do to protect myself and prevent being victimized by credit card fraud or identity theft?
The Federal Trade Commission recommends individuals monitor their credit report for any new accounts. You can find more information at http://www.consumer.ftc.gov/articles/0155-free-credit-reports.
What's a "Fraud Alert?"
"Fraud Alerts" assist in preventing an identity thief from opening or changing anymore accounts in your name. By contacting any one of the toll free "Big 3" consumer reporting agencies they are required to contact the remaining two agencies to place a fraud alert on your credit report. Additional information can be found on what type of fraud alerts exist and are available to you on any one of the recommended sites.
Should I reach out to my financial institutions or will the National Guard Bureau do this for me?
If you detect suspicious activity, we recommend you contact your financial institutions immediately. The National Guard Bureau will not contact financial institutions, or credit card companies on your behalf. The Federal Trade Commission recommends each individual to be extra vigilant and carefully monitor bank statements, credit card statements and any statements relating to recent financial transactions.
Where should I report suspicious or unusual activity?
The Federal Trade Commission recommends the following four steps if you detect suspicious activity:
- Step 1 – Contact the fraud department of one of the three major credit bureaus:
- Step 2 – Close any accounts that have been tampered with or opened fraudulently.
- Step 3 – File a police report with your local police or the police in the community where the identity theft took place.
- Step 4 – File a complaint with the Federal Trade Commission online at http://www.consumer.ftc.gov/features/feature-0014-identity-theft.
What is credit report monitoring?
The monitoring of your credit history in order to detect any suspicious activity or change in your credit history. Companies offer such service on a subscription basis, typically granting you regular access to your credit history, alerts of critical changes to your credit history and additional services. Credit monitoring can help you detect credit related fraud and identity theft. Using credit monitoring from a reputable company can help you quickly detect any misuse of your information.
What are the "Big 3" consumer reporting agencies?
How can I make a formal complaint?
Should anyone want to make a formal complaint, as allowed by DoD 5400.11-R, DoD Privacy Program, all complaints must be in writing and should be sent to: National Guard Bureau Privacy Office, Office of Chief Counsel (NGB/JA-OIP), 111 S George Mason Drive, Arlington VA 22204-1373, E-mail: ngb.privacy@mail.mil, Fax (703) 607-3684. Making a privacy complaint does not provide you with credit monitoring or any additional information and is normally used only when there are privacy issues an individual wishes to report, are not already known to the agency.
I know the Department of Defense maintains my health records electronically. Was this information also compromised?
No electronic medical records were compromised. The data lost is primarily limited to an individual's name, date of birth, social security number, home address, and dollar amounts they were paid.
Is this incident related to the OPM breaches?
No, this is not part of the OPM breaches. You may obtain information on the OPM breach at http://www.opm.gov/.
Where can I get further, up-to-date information?
The National Guard Bureau will continue to update this website with additional information as it becomes available. Please visit (http://www.nationalguard.mil/Features/IdentityTheft.aspx).
Why is credit monitoring not being offered like they are for the OPM breaches?
The OPM breaches involved a cyber incident where the data was specifically targeted to be stolen from the government, unlike this incident where the data left the servers in the performance of business. Due to the targeting of data held by OPM, the OPM is offering credit monitoring to individuals affected by their incident and will be sending letters to affected individuals through e-mail or US Postal Mail. Visit opm.gov/cybersecurity or call (866) 740-7153 for more information.