AF personnel system gets hacked
On the face of it, it's ironic: I have trouble accessing my own account most of the time, often resorting to creating new passwords on every visit. Somehow, these yahoos figured out how pry open my personnel information as well as 33,300 others!
At the core, however, it's a horrible inconvenience. The biggest problem is that all of our social security numbers are now open-source intelligence. So even if none of us spot identity fraud today, our new-found vulnerability will last the rest of our lives. This is undoubtedly a major blow (actually, 33,330 blows!) to Air Force information assurance credibility.
In the Air Force's defense, the Aug. 18 form letter I received via email (read: "Dear Air Force Member") clearly spelled my options moving forward: Because of the incident, I am legally entitled to a free credit report from big-time consumer reporting firms, I can also take my case to the Federal Trade Commission and I have all the pertinent addresses, Web sites and phone numbers. In terms of outlining this crucial information, which sadly most Airmen would have probably neglected to research on their own, the Air Force gets a huge plus.
What irks me is the time it took to send out the notification. According to the message, the hacking occurred between May and June 2005. Out of the entire email, only one sentence addresses the issue ..."(W)e delayed sending you this notice for a short time in order to give our law enforcement officials the best opportunity in the early critical time period to catch the perpetrator(s)."
BULLCRAP! The Air Force should have contacted us immediately, if for no other reason than it was bad news ...I mean, if I'm obligated to immediately report "Fraud, Waste & Abuse" or computer security violations up the chain, I expect that respect to be reciprocated. And because of the blunder, 33,330 Airmen marinated in vulnerability for months, without a clue, the effects of which are yet to be determined.
The Air Force needs to nab the hackers who did this, and the details should be posted on Air Force Link -- I'm all for the occasional public hanging. More importantly, I hope the Air Force doesn't come away from this incident thinking that a 2-month notification delay is acceptable, because it ain't.