Victims of TRICARE data theft report financial fraud

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.nextgov.com/nextgov/ng_20120314_6971.php

By Bob Brewin
Nextgov
03/14/2012

Last fall, not long after someone stole computer tapes containing the 
health records of 4.9 million TRICARE beneficiaries, some of the victims 
discovered bogus charges on their credit card statements and unauthorized 
bank transactions.

The tapes were stolen in September 2011 from the car of an employee with 
TRICARE contractor Science Applications International Corp. who was 
transporting them from one federal facility to another in San Antonio, 
Texas. The employee left the unencrypted tapes in a parking garage for 
most of a workday.

In October 2011, the law firm Shulman, Rogers, Gandal, Pordy & Ecker of 
Potomac, Md., filed a $4.9 billion class action lawsuit against the 
Defense Department. Since then, Defense or SAIC have been hit with seven 
additional lawsuits charging the company and the government with 
negligence in the care of sensitive personal and health information.

In an amended complaint to the original suit against Defense, which now 
includes SAIC, plaintiffs said they started to notice fraudulent activity 
in their financial accounts soon after the theft:

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/