The break-in occurred at the American Ex-Prisoners of War's Arlington, Texas, office on Aug. 11 or 12. Police records indicate thieves stole several hard drives in addition to mail, checks and paper-based files.
Organization officials said the stolen records contained information on all of the group's 35,000 members and their families, including addresses, dates of birth, Social Security numbers and claims data.
The group is working with authorities to catch those responsible for the burglary. The U.S. Department of Veterans Affairs is also investigating the thefts.
The group's leaders have urged members to watch for unauthorized activity, such as recently opened credit card accounts created with their Social Security number.
"[Few] organizations have a holistic plan for addressing data security and privacy," said Phil Neray, vice president at database monitoring software vendor Guardium. "Most have informal procedures, and certain aspects of procedures that are considered best practices are not implemented."
For example, few organizations encrypt hard drives, Neray said.
"This is the single biggest thing an organization can do to prevent theft of a hard drive, and it alone can stop the theft of a hard drive from turning into a security breach," he said. "In many cases, people are storing information on ordinary Windows servers in an office somewhere…They need to put the same type of security controls around that information that a bank would put around its customers' financial information."
The American Ex-Prisoners of War, founded in 1942, provides a variety of social services to former U.S. POWs, civilian internees and their families.