Wing combats identity theft

  • Published
  • By Staff Sgt. Andria J. Allmond
  • 512th Airlift Wing Public Affairs
Would you hand over your social security number to a stranger? How about posting your bank account information on an insecure website?

These scenarios may sound ridiculous, but breaches in the security of personally identifiable information and Privacy Act information are occurring throughout the Air Force Reserve.

"Personally Identifiable information, or PII for short, refers to any information that identifies, or can be used to identify, contact or locate the member," said Master Sgt. Anthony Harris, 512th Communications Flight and PA manager. "This includes the last four digits of a social security number."

Examples of paperwork or files that contain PII and PA include but are not limited to: performance reports, discharge packages, medical profiles, military orders, travel vouchers and recall rosters. Commonly, these items contain marital and dependent statuses, home addresses, assignment information or other protected information outlined in the Privacy Act of 1974, said Harris.

"This doesn't end at the work site," he said. "These same guidelines should be adhered to in our members personal lives."

Common methods in which a breach in security may occur include the following: PII-containing files and Privacy Act information are stored on unprotected share drives, emails containing Privacy Act information are sent without encryption and PA statements, and rosters and reports are taken off base and left in unsecure vehicles.

"By taking simple actions, we can significantly reduce our adversaries' ability to compromise our member's security," said Col. Raymond A. Kozak, 512th AW commander. "We are all vulnerable to these attacks. Therefore, we must function as wingmen in the arena of information safety. All Liberty Wing members, military and civilian, play a critical role in defending our networks, teammates and country."

From 2009 to 2012 the 512th Airlift Wing had 10 PII or Privacy Act compromises, potentially effecting 1,800 wing members.

"These PII and Privacy Act compromises arose upon discovery; if no one reports it, we will never know," said Harris. "The result is the (Department of Defense) getting struck with a lawsuit and millions of tax payer dollars spent, or someone's identity is stolen by an unauthorized access to the systems of record."

"Terrorists often use identity theft to attempt to gain access to our facilities and information," he continued. "And while we would like to assume we all are trusted agents, it's not the case. A threat from within is probable."

In fact, the Federal Trade Commission estimates over 9 million Americans have their identities stolen each year. The U.S. Department of Justice said identity theft has surpassed drug trafficking as the top crime in the U.S. Methods do exist that can limit the amount of PII and Privacy Act information leaked into unsecure territory.

First, members can dispose of all materials containing nonreleasable information in a manner that renders the information unrecognizable or incapable of reproduction. Methods of destruction include tearing, burning, melting, pulverizing or mutilation.

When personal information needs to be stored in an electronic form, it should be password protected and accessible only by individuals with a need to know.

Email guidance for personal information states including the term, "For Official Use Only" or "FOUO" at the beginning of the subject line. Also, secure emails must be encrypted or password protected.

All possible incidences of a PII or Privacy Act breach must be described to the 512th AW privacy act manager by calling, (302) 677-3497. In addition, with guidance given from the privacy act manager, the breach must be reported within one hour of the discovery to the U.S. Computer Emergency Readiness, at http://www.us-cert..gov/

"PII is your life; it's who you are, it's your family and it's your career," said Harris. "As Airmen, it's much easier for us to accomplish our mission if we are not worried about who has stolen our identity. Everyone plays a role in protecting our information, from the Airman fresh out of basic training to our senior leadership."