`Information Age' can lead to information theft
AIR BASE, Republic of Korea -- "It can happen to anyone."
Senior Master Sgt. Troy Bieber, 51st Communications Squadron cyber systems superintendent, used those words to remind everyone that they could be a potential victim of identity theft.
Bieber, who has had to deal with a stolen identity in the past, recounted his experience while stationed at Okinawa Air Base, Japan, when he used a computer at the base library to take care of some online banking. The computer turned out to have hidden malware that captured the keystrokes for his password, and even though the site he used was encrypted, someone was able to decipher his password.
"Someone who knew what they were looking for opened up a department store credit card in my name and charged $1,800 on it," Bieber said. "When I returned to the states to buy my first house using a VA (Department of Veterans' Affairs) loan, it was already showing up as bad credit. It took about eight months to clear up."
Although Bieber's experience involved a breach in his personal information security, Robert Olivero, 51st CS base records, Freedom of Information Act and Privacy Act manager, said this type of incident could easily happen in a workplace setting, but certain steps can mitigate the risk.
"Any e-mails that contain personally identifiable information must be encrypted and have `FOUO' (For Official Use Only) in the subject line," Olivero said. "The Privacy Act statement must be at the top of the e-mail, but it cannot be used in e-mails that don't contain PII."
Since the changes were made to Air Force Instruction 33-332, "Air Force Privacy and Civil Liberties Program," government e-mails are now screened for PII violations. If a violation is found, that user's account will be locked and the first colonel in the user's chain of command will have to intervene to have it unlocked.
Olivero said there are a few common mistakes leading to violations that can easily be avoided.
"A lot of people send spreadsheets or Excel documents and don't check all of the tabs to see if they contain any PII," Olivero said. "The number on the back of your common access card is also now considered PII, and that has to be protected."
Bieber said his advice for others is to only use one's personal computer when engaging in activities like online banking, and that people not put too much faith in "private" networks.
"Monitor your credit report annually for any suspicious activity, and sign up for credit fraud alert," Bieber said. "Any password can be cracked, too, if given enough time to run a good password-cracker tool. At that point, that person has your digital fingerprints and they become you."
Olivero said today's world is very conducive to identity theft, and that people should always remain vigilant.
"People need to be more cautious," Olivero said. "It's very important to protect others' PII just as you would protect your own."
For more information about PII protection, contact the Privacy Act Office at 784-6675/8068. Military members with Sharepoint access may also request the link to the 51st CS Sharepoint site PII information page to view instructions on how to properly send PII.