The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian Web site.
According to the Navy, the information was in five documents and included people's names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the Web site or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.
Cole said there was no indication so far that the information was used illegally, but individuals involved were being contacted and encouraged to monitor their bank accounts and credit cards.
The breach comes amid a rash of government computer data thefts, including one at the Agriculture Department earlier this week in which a hacker may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.
As many as 26.5 million veterans and current military troops may have been affected by the theft of a laptop computer containing their Social Security numbers and birth dates. The computer was taken from the home of a Veterans Affairs Department employee in early May, and officials waited nearly three weeks before notifying veterans on May 22 of the theft.
As many as a half dozen federal agencies have been affected by computer data losses in recent months.
In a letter Friday to Defense Secretary Donald H. Rumsfeld, one member of Congress asked for details on the Navy incident, and questioned whether the Defense Department will make sure a free credit help is provided for those affected.
U.S. Rep. Edward Markey, D-Mass., said he had asked Rumsfeld two years ago about the implications of federal agencies outsourcing data collection and processing activities. While there is no indication that outsourcing was the problem in the Navy case, Markey said he wants to know what effect that would have on the security of information on military personnel.
The Naval Criminal Investigative Service is investigating the breach. The initial discovery was made by the Navy Cyber Defense Operations Command, which routinely monitors the Internet for such problems.
The Navy said individuals can place a 90-day fraud alert on their credit reports, and provided information on companies to contact. Cole said there has been no decision made yet on whether the Navy will pay for credit monitoring.