Data Breach at Commissioned Corps HQ
10/3/2016 12:00:00 AM
In an email on October 3, the Commissioned Corps Headquarters confirmed, "unauthenticated visitors to CCMIS could access PII, including names, dates of birth, and Social Security numbers." Headquarters was referring to data with personally identifiable information (PII) stored in the Commissioned Corps Management Information System (CCMIS). Read the complete message below. Click here for the Surgeon General's web page with more information. Email CCinfo@hhs.gov for any questions.
LifeLock Discount for COA Members
The COA Group Insurance Program offers a discount for LifeLock, a well-known identity theft protection service. As a member of COA, you can receive 30 days FREE and 10% off the annual price of $99.00. Use Promo Code: COAEM1 How much is peace of mind worth to you?
Find more information at: http://www.coainsurance.com/lifelock
October 3 Message from Commissioned Corps Headquarters
We are writing today because the Commissioned Corps Headquarters (CCHQ) has confirmed an issue regarding personally identifiable information (PII) in the Commissioned Corps Management Information System (CCMIS), which is used to manage functions such as new employee onboarding, payroll, leave, and time and attendance. The Department has learned that unauthenticated visitors to CCMIS could access PII, including names, dates of birth, and Social Security numbers. Based on our investigation, affected individuals are those served by this website-based system: current, retired, and former Commissioned Corps officers and their dependents.
As the investigation proceeds and we learn more, we will communicate with you regularly to share new information.
We took steps to immediately disable the website, and it remains inaccessible while this matter is under investigation. Teams across the Department and across government are working to learn as much as we can as quickly as we can, and to further improve our systems to prevent this type of issue in the future. When we have fuller information, we will be able to provide that information. We do want to assure you that this issue did not affect our ability to process the monthly payroll delivered on September 30.
We understand firsthand how concerning it can be to learn that your personal information may have been accessed by unauthenticated users, and we take this issue very seriously. While we wanted to make sure you received timely notification of this issue, there are many questions for which we do not have enough information to answer at this time. Again, as the investigation proceeds and we learn more, we will communicate with you regularly, including a thorough formal notification letter sent to your mailing address. Next steps could include offering identity protection services to affected individuals. In case you would like to take immediate steps to protect your personal information, we are attaching information about how to request a free credit report and how to report unusual activity or potential errors on your credit report.
Securing your personal information, providing you with timely updates on this issue, and taking steps to further improve our systems are our highest priorities. We are developing and will be regularly updating a set of frequently asked questions (FAQs) about this issue. If you have questions you would like to see answered as part of the FAQs or if you have additional feedback, we encourage you to use the dedicated email address for this issue: CCinfo@hhs.gov.
Thank you for your attention to this matter. We are committed to addressing this situation promptly and transparently as we move forward together.
Karen B. DeSalvo, MD, MPH, MSc
Acting Assistant Secretary for Health
Vivek H. Murthy, M.D., M.B.A
Vice Admiral, USPHS
U.S. Surgeon General
Photo: Wright Technologies