Office of the Attorney General
Attorney General Stumbo Issues Consumer Alert for Kentucky Veterans and their Families

Press Release Date:  Wednesday, May 24, 2006  
Contact Information:  Vicki Glass, 502-696-5643 Office  


Attorney General Greg Stumbo today issued a consumer alert to Kentucky veterans and their families following the theft of 26.5 million veterans’ personal data announced yesterday by the Department of Veterans Affairs.  The stolen data contained identifying information including names, social security numbers, and dates of birth for veterans and some spouses, as well as some disability ratings.  In light of this occurrence and the potential impact on the 367,000 veterans living in Kentucky, Attorney General Greg Stumbo provides the following steps toward protection against identity theft.  In addition to this alert, Veterans should receive a mailed notification from the VA advising of steps veterans can take to protect their identities and personal information.  Information is also being provided at the following website:

http://www.firstgov.gov/veteransinfo.shtml

Veterans and their families may also call the following toll free telephone number: 800-FED-INFO (800-333-4636).

"It is unfortunate that Kentucky’s veterans have had their personal data compromised," said Attorney General Stumbo.  “It is important that they recognize that the possibility of becoming a victim of identity theft should be taken seriously and steps should be taken to protect against it.”

Frequently Asked Questions

How was the data stolen?
According to the VA, the veterans’ data was stolen from the home of a VA employee who had taken the data home without the knowledge or permission of the VA and in violation of VA policies.  Importantly, the affected data did not include any of VA's electronic health records or any financial information. It remains unclear whether the criminals who stole the employee’s computer intended to steal the VA data or are aware of the data’s contents.  The employee has been suspended pending the outcome of the investigation.

What is the earliest date at which suspicious activity might have occurred due to this data breach?
The information was stolen from an employee of the Department of Veterans Affairs during the month of May, 2006. If the data has been misused or otherwise used to commit fraud or identity theft crimes, it is likely that veterans may notice suspicious activity during the month of May.

Should I reach out to my financial institutions or will the Department of Veterans Affairs do this for me?
The Department of Veterans Affairs does not believe that it is necessary to contact financial institutions or cancel credit cards and bank accounts, unless you detect suspicious activity.

I haven't noticed any suspicious activity in my financial statements, but what can I do to protect myself and prevent being victimized by credit card fraud or identity theft?
The Attorney General strongly recommends that veterans closely monitor their financial statements including all bank and credit card accounts and review the guidelines provided on this webpage or call 1-800-FED-INFO (1-800-333-4636).  If you notice suspicious activity in your account, follow the steps below.

  1. Contact the fraud department of one of the three major credit bureaus:
    • Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
    • Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, Texas 75013
    • TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
    • Ask one of the credit bureaus to place a “fraud alert” on your account – each bureau will notify the other bureaus to place a fraud alert on each bureau’s files.
    • Consider whether to place a “security freeze” on your account (after July 12 – when the law goes into effect).
      • The “fraud alert” tells creditors to contact you before opening any new accounts or making any changes to your existing accounts.
      • Kentucky’s security freeze law will go into effect July 12.  Unlike the “fraud alert”, a “security freeze” actually prevents any potential creditor from accessing your credit report without your consent.  Information in your credit file contains personal information that may be used to steal your identity. However, it also makes it more time consuming for you to obtain credit as well, so you should carefully consider your options before placing a “security freeze” on your account. Under Kentucky law effective July 12, credit bureaus may charge a $10.00 fee to place a freeze on your credit file unless you are an identity theft victim and have a police report.   Credit bureaus may also charge $10.00 to temporarily lift the freeze at your request to authorize a creditor to access your file.  Each of the credit bureaus has additional information about security freezes and fraud alerts at the websites listed above.
    • As a victim of identity theft, you should obtain a copy of your credit report and monitor activity every few months. Ask the credit bureaus for names and phone numbers of credit grantors with whom fraudulent accounts have been opened. Ask the credit bureaus to remove inquiries that have been generated due to the fraudulent access. Consumers seeking a copy of their credit report more than once per year may be charged a fee.
  2. Close any accounts that have been tampered with or opened fraudulently:

    For any accounts that have been fraudulently accessed or opened, contact the billing inquiries and security departments of the appropriate creditors or financial institutions. Close these accounts. Use passwords - not your mother's maiden name - on any new accounts opened. Confirm your contact with a letter to the security department of each.  Ask that old accounts be processed as "account closed at consumer's request" rather than as "card lost or stolen" so your credit file won’t be interpreted as blaming you for the loss. Carefully monitor your mail and credit card bills and report immediately any new fraudulent activity to creditors.

  3. File a police report with your local police or the police in the community where the identity theft took place:

    Get a copy of the police report and retain for your records. Credit card companies and financial institutions may require you to show a copy of this report to verify the crime.  Keep the phone number of your investigator and provide it to creditors and others who require verification of your case.

  4. File a complaint with the Federal Trade Commission:

    Contact the FTC's Identity Theft Hotline by telephone: 1-877-438-4338, online at www.consumer.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington DC 20580.

  5. Contest bills that result from identity theft:

    Consumer and privacy advocates suggest not paying any portion of a bill which is a result of identity theft and not filing for bankruptcy. Dispute credit card charges with the card company by writing to the address for "billing error" disputes - not the bill payment address. Follow the directions given by the credit card company for disputing charges. This information must be provided by the company. Your credit rating should not be permanently affected and no legal action should be taken against you as a result of identity theft. If any merchant, financial institution or collection agency suggests otherwise, simply restate your willingness to cooperate, but don't allow yourself to be coerced into paying fraudulent bills. Report such attempts to the Attorney General’s Office of Consumer Protection immediately.

  6. Get an ID theft victim’s kit from the Attorney General’s Office:

    Additional information is provided in the kit to assist you in minimizing any harm from having your identity stolen and in restoring your good name.  The kit is available online at http://ag.ky.gov/consumer/identity/  or you may call the Attorney General’s Office toll free at 1-888-432-9257 and choose option 3.