More details emerge on DoDDS-EU breach
A previously reported breach that affected students at the Ramstein Intermediate School also affected students and sponsors at three other schools under the U.S. Department of Defense Education Activity– Europe (DoDDS-Europe). Until now, I didn’t know which other schools were involved, until a small item on Military.com provided their names.
On January 7, DoDDS-Europe issued the following statement:
In late-October, DoDDS-Europe became aware of the theft of computer memory devices that may have included personal information related to students and sponsors from School Years 2002-03 through this school year. The devices were stolen after normal duty hours from the car of a DoDEA employee which was parked in a locked garage.
The breach affected four different locations; Aukamm Elementary School (SY 2005-2006 and SY 2006-2007), Hainerberg Elementary School (SY 2005-2006 and SY 2006-2007, Ansbach Middle High School (SY 2002 to current school year) and Ramstein Intermediate School (SY 2010-2011 and SY 2011-2012).
Notices have been sent to sponsors of students at Ramstein IS, Aukamm, Ansbach and Hainerberg. However, there are a number of names for which no contact information could be found.
The memory devices contained Personally Identifiable Information (PII) on Aukamm students and their parents, specifically, Social Security Numbers (SSN), students SSN and birth date, sponsor spouse’s name, phone and email contact information, and CONUS emergency contact information such as telephone numbers and mailing addresses. At Ansbach, a majority of the data lost was student SSNs.
Although we cannot say with certainty, based on these circumstances we believe the probability is low that the information will be used inappropriately or for unlawful purposes. However, because Social Security numbers were involved, we believe that those potentially affected should consider taking such actions as are possible to protect against the potential that someone might use the information to steal an identity.
People should be guided by the actions recommended by the Federal Trade Commission at its Web site at http://www.ftc.gov/bcp/edu/microsites/idtheft/. The FTC urges that people should place an initial fraud alert on their credit file. The fraud alert is for a period of 90 days, during which, creditors are required to contact the person before a new credit card is issued or an existing card is changed. The site also provides other valuable information about actions that can be taken now or in the future should problems develop. Additional information is also available on the Social Security Administration web site,http://www.ssa.gov/reach.htm.
People may also want to monitor your credit reports by contacting any one of the three credit reporting agencies listed below. Each agency will explain how one may place a fraud alert and obtain a free copy of your credit report.
·Experian: 1-888-397-3742, http://www.experian.com
·Equifax: 1-800-525-6285, http://www.equifax.com
·Trans Union: 1-800-680-7289,http://www.transunion.com/index.jsp
One may contact us with questions and concerns by sending an e-mail message to [email protected] or addressing a letter to our APO address:
ATTN: Privacy Officer
Unit 29649, Box 7000
APO, AE 09002
DoDDS-Europe takes this loss very seriously and is reviewing current practices to determine what can or must be changed to preclude a similar occurrence in the future. Should anyone have any concerns or should they believe a problem has occurred after the 90 days of the initial fraud alert, please contact us at the email address provided and we will inform of the additional steps that we will provide to assist.
DoDDS-Europe is committed to ensuring that personally identifiable information must be treated in a manner that preserves and protects the confidentiality of the data. We sincerely regret that this incident occurred and for any concern this incident may cause our students and sponsors. Protecting sensitive information is very important to us and we will continue to do everything we can to correct this situation.
I e-mailed DoDDS-EU to ask for some additional details and will update this post when I get a reply.