Tricare Data Breach Affects Millions – Check Your Mail

November 19, 2011 | Kate Horrell

As you may have heard, personally identifying information regarding up to 4.9 million people was stolen from the possession of a Tricare contractor on September 14, 2011.  The contractor, Science Applications International Corporation (SAIC), was responsible for maintaining information on patients who utilized San Antonio area military treatment facilities, including laboratory work.  As the San Antonio laboratory facilities process certain laboratory tests for military treatment facilities worldwide, this includes a large number of patients who have never been seen in a San Antonio area facility.   As part of the contract, SAIC was required to make backup copies of all information and transporting these backup copies to a remote location.

During transportation, the electronic files were stolen from the transporting vehicle.  Fortunately, the format of the backups requires specific hardware and software to access the data.  It is unlikely that the data will be viewed and used for any malicious purposes, but it is always good to be careful.

If the information were to be accessed, the personally identifying information of patients would be available to be used for fraudulent purposes.  Included information may include names, Social Security Numbers, addresses, dates of birth, phone numbers, laboratory tests, and care provider names and locations.  The Tricare Management Activity has asked SAIC to offer one year of free credit monitoring and identity theft restoration services to all patients whose information may have been included in the compromise files.

Obviously, they had to let people know whether they were involved.  The 4.9 million involved represents over half of all Tricare eligible beneficiaries in the entire world!  Letters were sent to patients whose information may have been involved, including letters to parents if the patient was a minor.  My family received some of these letters recently.  It appears that there are several forms of the letter, because our letters specifically reference laboratory work and the fact that the patient was a minor.

It is important to note that the letter does not specifically mention that in order to utilize the credit monitoring service offered in the letter, you have to call the SAIC Incident Response Call Center mentioned in the last paragraph of the letter.  They are open Monday through Friday, 9 a.m. to 6 p.m. US Eastern Time.  You may call toll free to 855-366-0140.  If you are calling from outside the US, you may call collect to 952-556-8312.  This is the same place to contact if you have other questions that were not answered in the letter.

General information about fighting identity theft can be found at The Federal Trade Commission’s website.

Comments

  1. Tyson says:

    I was notified that my data was stolen in this incident. I would love to know how my personal information was in the possesion of civilian contractor. I'm a reservist but I have NEVER been a customer of TRICARE. This is complete garbage, I guess DoD is just handing out our information now.

    • Jessica says:

      I was notified too. I would like to know why my information was in a car and even available for someone to walk away with it but what does being a civilian contractor have to do with anything? I am prior service who now works for the DoD as a civilian contractor.

  2. william says:

    William
    I hope that the Social security numbers are not used in the next election. Nothing should surprise anyone even if it was an inside job! The DOD should handle the data of all mil Personnel past and present in a closed system.

  3. Amber says:

    I just received one of these letters. Here's what I don't like: why is this SAIC place asking me to fill out this form with my ssn, phone number, name, address, dob, signature, and current date, and then they want me to just drop this in the "snail mail" to them??? Yeah, that'll really help with identity protection. And this letter specifically says not to contact them via he internet. I don't trust the entire scenario. I would love to have more answers about how this happened in the first place and how on earth they have not caught who stole the information. We found Bin Laden but we can't find this loser? Get Team 6 on the job!

    • guest says:

      SAIC is a MAJOR defense contractor for everything from the military geospatial information to data security to product development. And if you actually read the letter you would see that you only fill out the snail mail form if you don't want to do your own monitoring online. If you DO want to monitor online the second page of that letter tells you how to do it.

      • guest 2 says:

        I tried to sign up on line and the system said the code number, last name and zip code combination did not match their records. I tried entering the information several ways and it never did work.

        • dolphin says:

          i also got one of these letters. I thought it was a SCAM, but lucky for me I know someone who works for SAIC. They told me it was true and to follow the directions on the page and do everything online. I did and it worked for me. I would suggest to try it again, it will work. and I do feel safer now. This kind of stuff happens all the time. Everyone just take a big deep breath and calm down. I am sure SAIC and Tricare are doing everything to protect our info.

  4. Melissa says:

    Yea I thought it was a scam too.. What happens once the one yr of free protection is done

  5. tyler says:

    I just got the letter too.. I agree this is outrageous.. There is got to be something that we can do.. i don't think free credit monitoring is sufficient enough.. And it was stolen by mexico.. 4.9 million.. i wonder if the guy that was "transporting" it if he had in his honda civic going to starbucks to get some coffee.. and then they know about this in SEPTEMBER and now we get a letter.. what about commands notifying there people. Or V.A. telling people that are using tricare or better yet make it public and not be like "shit happens" I feel we deserve more answers than just "hey fill the sheet and call it a day"

  6. Maurey says:

    There should be consequences for such re occurrences for mishandling and/or not securing information such as SSNs, DOBs etc…Employees who are negligent should be fired. I bet none of their personal information was included.

  7. Thomas says:

    I dont really understand why we have to use the mail if it was tricare members who got their ID stolen why can we send Emails to government emails and have it just digitaly signed. you can sign it on behalf of you and your depentends if theirs were taken. Mailing SSNs is a bad idea unless it is going through the Base Post Office. If our info can get taken from a van it can be taken out of the mail.