The break-in occurred at the American Ex-Prisoners of War's Arlington, Texas, office on August 11 or 12. Police records indicate thieves stole several hard drives in addition to mail, checks and paper-based files.
Organization officials said the stolen records contained information on all of the group's 35,000 members and their families, including addresses, dates of birth, Social Security numbers and claims data.
The group is working with authorities to catch those responsible for the burglary. The US Department of Veterans Affairs is also investigating the thefts.
The group's leaders have urged members to watch for unauthorised activity, such as recently opened credit card accounts created with their Social Security number.
"[Few] organisations have a holistic plan for addressing data security and privacy," said Phil Neray, vice president at database monitoring software vendor Guardium. "Most have informal procedures, and certain aspects of procedures that are considered best practices are not implemented."
For example, few organisations encrypt hard drives, Neray said.
"This is the single biggest thing an organization can do to prevent theft of a hard drive, and it alone can stop the theft of a hard drive from turning into a security breach," he said.
"In many cases, people are storing information on ordinary Windows servers in an office somewhere…They need to put the same type of security controls around that information that a bank would put around its customers' financial information."
The American Ex-Prisoners of War, founded in 1942, provides a variety of social services to former US POWs, civilian internees and their families.
Personal records of 35,000 veterans stolen in burglary
By Jim Carr on Aug 29, 2007 10:52AM