The hacker apparently used a legitimate user's login information to access and/or download individuals' personal information. The Air Force became aware of the hack in June, after unusually high activity was discovered in a single user's Assignment Management System (AMS).
According to the Air Force Personnel Center (AFPC) at Randolph Air Force base in San Antonio, ''not one incident of identity theft has been linked to this unauthorized access.''
The AMS is an online program used for assignment preferences and career management. It contains birth dates and Social Security numbers but does not hold personal addresses, telephone numbers or specific information on dependents.
In a letter to service personnel, Przybyslawsk said while the AMS records do not contain pay information, the stolen data could be potentially used to gain access to other systems that control military pay, direct deposits and other allotments.
He urged officers to login to an Air Force site and check if their information was viewed. If it was, they receive a pop-up banner after login that will provide more information. Przybyslawski also urged the officers to follow Federal Trade Commission guidelines for dealing with identity theft. Under the Fair Credit Reporting Act, everyone is entitled to one free credit check annually as part of new identity theft prevention measures.
''For the Air Force's part, we are conducting a wall-to-wall review of our personnel-related data systems to maximize the security of the systems,'' Przybyslawski wrote. ''This may cause some inconvenience to users as we increase our access requirements, but in the long run it will be our best way to protect our members against theft of personal information.''
In addition to birth dates and Social Security numbers, the information accessed in the hack includes marital status, number of dependents, civil educational degrees and major areas of study, school and year of graduation and duty information for overseas assignment.
''I also want to assure you that immediately upon discovery of the unauthorized access, we removed the AMS from service so that a complete security review could be done,'' Przybyslawsk wrote. ''A criminal investigation also began immediately; we delayed sending you this notice for a short time to give our law enforcement officials the best opportunity in the early critical time period to catch the perpetrator.''
This article was first published on internetnews.com.