Breach on Ancestry.com Affects 2,200U.S. Veterans' Information Mistakenly Posted
The U.S. Department of Veterans Affairs is offering free credit monitoring to more than 2,200 military veterans whose personal information, including Social Security numbers, was mistakenly posted on the website Ancestry.com for about eight months.
No personal health information was involved in the breach incident, the VA noted.
The genealogy website had requested, through the Freedom of Information Act, that the VA release data about deceased veterans. In December, the daughter of a veteran reported to the VA that her living father's personal information was on the website, and the VA determined that it had mistakenly provided information about thousands of living veterans. The website then immediately removed all the information the VA had supplied, says Jerry Davis, the VA's chief information security officer.
So far, there's no indication that any of the veterans' personally identifiable information was misused while it was posted on the site. But the VA is notifying those affected to offer them free credit monitoring and encourage them to take steps to protect against identity theft. Roger Baker, the VA's CIO, said in a Jan. 25 news media conference call that the investigation is continuing to determine if as many as 2,000 additional veterans were affected. If so, they also will receive free credit monitoring.
Based on its obligations under the Freedom of Information Act, the VA released information about more than 14 million deceased veterans, including names, Social Security numbers, dates of birth, dates of death, military branch assignments and dates entering and leaving active duty. The VA has launched an investigation into why information about living veterans was included in its database about deceased veterans. Baker, the CIO, acknowledges that more VA officials need to communicate with each other details about all Freedom of Information Act requests to help ensure only appropriate data is released.