Mississippi 155th Heavy Brigade Combat Team Puts 2,672 Troops at Risk of ID TheftFOR IMMEDIATE RELEASE: October 8, 2010
Media Contact: Aaron Titus
JACKSON, Mississippi. The Mississippi National Guard has breached 3,323 personnel records online of active-duty Mississippi National Guardsmen and women of the 155th Heavy Brigade Combat Team, who returned from deployment in Iraq last year. The breached files contain 2,674 unique names and 2,672 social security numbers. The breach occurred on or before September 10, 2010 at the Mississippi National Guard's website until they were discovered in early October, 2010 by the Liberty Coalition. During that time, the files were potentially available to anyone in the world with an internet connection. Within minutes after the Liberty Coalition notified the Mississippi National Guard of the breach, access to the site was restricted and the 155th was notified of the breach.
At least 12 separate files containing sensitive personal information were posted on the 155th Heavy Brigade Combat Team's Sharepoint website, which was unencrypted, insecure, and did not require a password to access. Other information breached included 31 dates of birth, home and cell phone numbers, email addresses, test scores, ranks, pay grades, security clearance information.
The files were created between late 2006 and 2008, and were added to the National Guard website on September 10, 2010 by "Carwyle, Kevin W WO1 MIL NG MSARNG." Various authors of the documents include kevin.l.ingram, amos.parker, phillip.starling, Clifton L. Marshall, george.pender, earl.dorris1, michael.a.honeycutt, and kevin.nichols, although none of these individuals appear to have any connection to the breach. Breaches of this sort typically occur when old files are backed up to new systems, which is what appears to have happened in this case. Since the files with the sensitive information were among hundreds of other administrative files, the Liberty Coalition believes that the breach was unintentional.
In a statement, Col. Timothy Powell, Spokesperson for the Mississippi National Guard stated,
The protection of personal and sensitive information is paramount in the Mississippi National Guard and we take this very seriously by incorporating numerous layers of internet security on our websites. We have identified potential breaches of information, and as an additional caution, the websites in question have been temporarily blocked and cannot be accessed. All individuals affected are being notified at this time as to the extent of the information that was breached, and what cautionary measures should be taken to mitigate and safeguard such information.Victims of this breach are at elevated risk of identity theft and fraud. The Guard has set up a hotline for those affected: (662) 891-9704.
Again, we take this very seriously, and the Mississippi National Guard will continue to take all security measures to ensure that all personal and sensitive information is kept confidential.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.