July 21, 2007

Possible Data Compromise for TRICARE users

Some Soldier's Mom links to a news release of possible risks to personal information security for certain members of TRICARE:

News Release : SAIC Addresses Possible Data Compromise
(SAN DIEGO and MCLEAN, VA) July 20, 2007

Personal information of certain uniformed service members, family members and
others was placed at risk for potential compromise while being processed by SAIC
under several health care data contracts for military service customers, the
company said today.
SAIC remedied the security lapses upon learning of them
and began working with the customers to mitigate any potential impact. Forensic
analysis has not yielded any evidence that any personal information was actually
compromised; however, the possibility cannot be ruled out. SAIC is notifying
approximately 580,000 households, some with more than one affected person.

"We deeply regret this security failure and I want to extend our
apologies to those affected by it," Chairman and CEO Ken Dahlberg said. "We are
concerned about the inconvenience and risk of potential compromise of personal
information this may cause. The security failure is completely unacceptable and
occurred as a result of clear violations of SAIC's strong internal IT security
policies. In this instance, we did not live up to the high level of performance
that our customers have learned to expect and demand from us. We let down our
customers and the service members whom we support. For this, we are very sorry."

The information was stored on a single, SAIC-owned, non-secure server at
a small SAIC location, and in some cases was transmitted over the Internet in an
unencrypted form. The contracts were with customers in the Departments of the
Army, Navy, Air Force and Homeland Security. The work was being done in
connection with TRICARE, the health benefits program for the uniformed services,
retirees and their families. The personal information at risk varies by
individual, but could include combinations of names, addresses, Social Security
numbers, birth dates, and/or limited health information in the form of codes.

The company is working closely with its government customers to mitigate
any potential inconvenience or harm the possible compromise of personal
information may cause. SAIC retained Kroll Inc. to provide services to affected
individuals, including an Incident Response Center with extended hours,
information resources, and credit and identity restoration services for any
victims of related identity theft. These services will be provided at no cost to
the government or the affected persons. The pre-tax cost of these services,
which will be included in SAIC's financial results of operations for the three
months ending July 31, 2007, is estimated to be in the range of $7 million to $9
million, excluding costs for credit restoration services if any related identity
theft occurs.

See detailed information on the company's response including contact information if you should have questions.

No comments: