- Filed Under
The Army has been slow to inform 31 soldiers who received the Medal of Honor and Distinguished Service Cross, or their families, that the recipients' Social Security numbers were posted online.
More than a week after the breach http://www.armytimes.com/news/2012/09/army-decorated-soldiers-data-breach-092812w/">was made public, eight recipients of the DSC, the military's second highest award for valor, said they had not heard from the Army and were unaware of the breach until Army Times informed them.
"I haven't received a phone call, and I think 31 phone calls could be accomplished inside of a week. That would be kind of an expectation," http://www.militarytimes.com/citations-medals-awards/recipient.php?recipientid=3665">said retired Master Sgt. Don Hollenbaugh, who was awarded the DSC for his actions as a Delta Force team leader during a 2004 firefight in Fallujah, Iraq.
Rep. Duncan Hunter, a member of the House Armed Services Committee who served in Iraq and Afghanistan as a Marine Corps officer, sent http://www.militarytimes.com/projects/pages/hunter-letter-mchugh.pdf">a letter Thursday to Army Secretary John McHugh to urge swifter action.
"It is critical that this issue is resolved immediately and the soldiers and families comprising the 31 individuals whose information was released are immediately informed, at the very least, of the data breach and provided every reassurance that the Army is taking the necessary action," Hunter, R-Calif., said in the email.
The exposed database — since removed — contained 518 records of the Medal of Honor, Distinguished Service Cross and Silver Star recipients for actions since the global war on terror began in 2001. In the database, Social Security numbers appeared for 31 soldiers total, the six MoH and 25 DSC recipients, but none of the Silver Star recipients.
Hunter said affected soldiers and relatives contacted him, saying they had yet to be notified by the Army and were unsure what corrective action the Army plans to take.
One mother of a posthumous Medal of Honor recipient expressed "frustration and concern" that news of the breach came from media reports and not the Army.
"America's military heroes are not exempt from identity theft or any other risk associated with the acquisition of an individual's personal identifying information," Hunter said. "I look forward to learning the Army's plan for notifying affected soldiers and families, as well as all other corrective steps being taken in direct response to the data breach."
Hunter, on Oct. 3, called on Army Secretary John McHugh to take a closer look at nine possible Silver Stars to make sure they were awarded to their recipients. The nine names appeared in a database of Army award recipients Military Times discovered online on Sept. 28, but not in the Defense Department's own public database.
The Army is investigating how the database and sensitive information was placed online. The Army had provided data about award recipients to the Alexandria, Va., creative services firm Brightline, which contracts with the Army to build a "Galley of Heroes" kiosk.
Erik Muendel, chief executive officer of Brightline, told Army Times last month his company was also investigating. He said his company was not authorized to handle sensitive information and that it was unclear how or why the database appeared on the internet. Brightline did not immediately return a call seeking comment.
http://www.militarytimes.com/citations-medals-awards/recipient.php?recipientid=3670">Retired Capt. Walter B. Jackson, said he was "disappointed" not to have received a call from either the Army or Brightline about the matter. Jackson was awarded the DSC for treating a wounded soldier, initially refusing treatment for his own gunshot wounds in Al Anbar province, Iraq, in 2006, and he retired last year.
"There's privacy issues, it should have been disclosed in the first place," Jackson said. "It's disappointing and scary to think that information could get out there so easily. I've heard of government laptops being compromised, but what's one to do when the information's out there [online].""
Retired Sgt. Felipe Pereira, said he already subscribes to the identity theft protection service Lifelock, but he is nonetheless considering calling the FBI. Pereira received the DSC earlier this year for evacuating wounded soldiers in the midst of a firefight in Senjaray, Afghanistan, in spite of his shrapnel wounds and enemy fire.
"I'm sure the Privacy Act was violated, and whoever has jurisdiction should see if criminal charges need to be filed," Pereira, of Nashville, Tenn., told Army Times.
http://www.militarytimes.com/citations-medals-awards/recipient.php?recipientid=3668">Former Sgt. Chris Corriveau said he said he had little faith Army officials would admit to a mistake, if they made one, but he hoped they would — especially if the information was exposed for a long time. Corriveau, who received the DSC in 2008, is credited for fighting off an enemy force in close combat for control of a rooftop in Iraq.
"If the [social security numbers] were up for an hour or two then probably not, but it was up for six months, yeah," said Corriveau, now a pipe welder in Albertson, N.C. "If at this point, if they felt there was a threat, I hope they would tell me."
Hollenbaugh, now head of a private tactical instruction firm in Meridian, Idaho, said his personal information was once taken by hackers in a private-sector data breach. His employer notified him promptly and offered to pay for identity theft protection, he said.
Hollenbaugh said he did not want to second-guess the Army's response, but he said, "I'm sure their protocol calls for something, and I'm sure they're having meetings about this."
http://www.militarytimes.com/citations-medals-awards/recipient.php?recipientid=3658">Sgt. 1st Class Jarion Halbisengibbs, a 10th Special Forces Group official, was also willing to give the Army and Brightline the benefit of the doubt, but he said they should do more to protect the effected soldiers.
"Knowing there was a breach like that, it wouldn't be a bad idea for them to foot the bill for Lifelock," said Halbisengibbs, awarded the DSC for his actions during an assault on an insurgent stronghold in Samarra, Iraq, in 2007. "For piece of mind for them and us, that would be a good call."
Thomas McGinnis, the father of posthumous Medal of Honor recipient http://www.militarytimes.com/citations-medals-awards/recipient.php?recipientid=2804">Spc. Ross A. McGinnis, said he had not heard from the Army either. He said that his deceased son would not be an effective target for identity thieves, but living award recipients deserve to be alerted.
"I would think they would want to call the ones who are living first," said McGinnis, a 62-year-old retiree. "If someone sets up an identity as Ross A. McGinnis, if they bill my son, they can't make him pay it."