A security breach at the Pentagon's official credit union has exposed the personal and financial records of members of the U.S. military and their families, putting hundreds of thousands of people at risk for identity theft.
The Pentagon Federal Credit Union’s (PenFed) database, which includes names, addresses, Social Security numbers and credit card numbers, was accessed by a malware-infested PC, Paul Roberts of the security firm Kaspersky Lab reported.
Chartered in 1935, PenFed serves about 100,000 members in the Air Force, Army, Coast Guard, Department of Homeland Security, Department of Defense and the Veterans of Foreign Wars. PenFed offers mortgages, credit cards and loans to its customers, and has $15 billion in assets.
The full extent of the data breach is not yet known. Roberts reported that the attack was discovered Dec. 12 and that so far 514 New Hampshire residents have been affected.
In a letter mailed to customers, PenFed's executive vice president of operations, Roderick Mitchell, said, "We have no indication that your information has been misused." No PINs or passwords were accessed in the breach, Mitchell said.
PenFed reissued all credit and debit cards to members whose account information may have been obtained illegally.
In an unrelated development, PenFed posted an alert on its website notifying customers that a man named Dick Bennett has been posing as a PenFed underwriter, phoning people to tell them their mortgages are being sold, and then requesting personal information.
Online attacks against credit unions and government employees are nothing new. A sheriff's office in Colorado was victimized in December, exposing the names and addresses of confidential drug informants. Cybersecurity experts believe high-profile data breaches will continue to occur because the rewards of obtaining sensitive government data are so high.
The Identity Theft Resource Center reported that data breaches in general rose 33 percent in 2010 from the previous year.
