Google
What is Co-Managed Care for Veterans?

Army Releases Social Security Numbers of Medal of Honor Recipients


The good news is there is now an amazingly complete database of Medal of Honor and Distinguished Service Cross and Silver Star recipients available online – with details on their tremendous bravery and sacrifice.

The bad news is that it’s so complete that it contains many of their Social Security Numbers.

Military Times is reporting that the Social Security numbers of 31 recipients of the Medal of Honor and Distinguished Service Cross have been released from military custody and posted on the Internet. If true, this is an apparent violation of the Health Insurance Portability and Accountability Act (HIPAA), which imposes stiff penalties on anyone responsible for leaking personally identifiable information to individuals or organizations that don’t have a need for the information.

The Military Times reporter, Joe Gould, seems to have been taken in by some spin the Army public affairs people put on the ball: Here’s his opening paragraph:

"The Army is investigating how a defense contractor’s data breach left vulnerable the Social Security numbers of Army’s most highly decorated soldiers, when a comprehensive awards database was posted online."

The Army is encouraging you to take your eye off the ball. “Look at what the defense contractor did!”

No.

Look at what the Army did. Specifically, Human Resources Command – the folks responsible for just about everything related to your records that’s not still on your unit clerk’s desk waiting to be processed.

Background

The release of Social Security numbers is specifically prohibited by law in most states. But the federal government of course uses your Social Security Number as a unique identifier for a wide variety of purposes – including as a taxpayer ID number for individuals, a Medicare tracking number, and (of course) as a replacement for the serial numbers the military used prior to the passage of the Social Security Act of 1935 and through World War Two.

Currently, the Federal government uses Social Security Numbers on over 40 million Medicare Identification Cards and some 7 million Department of Defense ID cards. So you are already flashing your Social Security Number every time you show your military ID to establish your age to buy alcohol or cash a check – though the military is now phasing out the use of SSNs on newly-issued ID cards. (If you want an ID card with no SSN information on it, go down to DEERs and have them make a new one for you and your dependents).

Critics have long argued that culturally, the Department of Defense has demonstrated a reckless disregard for the release of personally identifiable information that puts military members at an elevated risk of identity theft.

A 2007 report entitled The Military’s Cultural Disregard for Personally Identifiable Information made a detailed case for reform.

The disclosure is not harmless. In one instance, a former Naval Petty Officer managed to obtain the Social Security numbers of thousands of fellow servicemembers (it’s not hard), and then leveraged the protected information to steal more than a million dollars from financial institutions.

Personnel clerks and others with access to personal information are all routinely given training in the confidentiality of personal information. But we cannot expect those hired as Web developers on a military contract to have the same background and training. Yes, maybe the web designer building the awards database should have caught the breach. But it was definitely the Army’s job to protect the information in the first place.

Trying to direct the spotlight on the contractor here is inexcusable. This was Human Resources Command’s screw up from the beginning.

Share This


Related Topics