This may sound like a political rant, but I'm aiming more for a wake-up call. Here goes: Someone at the Energy Department needs to be fired, and it's probably Linton F. Brooks.
Brooks is the top administrator for the National Nuclear Security Administration (NNSA), a branch of the Department of Energy. On Friday, in a hearing before Congress, Brooks testified that a computer hacker stole sensitive information on 1,500 NNSA workers from a center in New Mexico.
When I say "sensitive," I mean names, Social Security numbers, birthdates, and security clearance data -- basically, everything that was lost in the VA security breach, and then some.
That's not all. After the theft, neither the secretary of Energy nor the victims were notified for -- wait for it -- nine months. Un-freaking-believable.
It's a startling tale of incompetence -- and a surprising one. I've read Ambassador Brooks' bio. He has four decades of national security experience. He's been a high-ranking Navy officer. He's been on the staff of the National Security Council. Yet neither he nor any of his staff thought to check that anyone was immediately notified of the breach. (Remember, folks, this agency also has some oversight of our considerable nuclear arsenal.)
So what should have happened? Brooks' response should have been no different from yours, had your information security been violated:
- First, tell everyone. Specifically, that means the three credit reporting agencies: Equifax, Experian, and TransUnion. Notifying them that you may be subject to fraud will make it geometrically harder for an identity thief to steal from you. Make sure you do the same with all of your credit providers.
- Then, track everything. If you don't already have a money management program, such as Intuit's Quicken or Microsoft's Money, get one and install it. Use the downloading feature to track spending and transactions from your online bank and credit card records. If you suspect a thief, check transactions daily or, if need be, hourly. Make records of fraudulent charges and notify both credit providers and authorities of what you've found.
There are plenty more tips I could include here. Instead, I'll defer to Foolish friend Dayana Yochim, who recently produced a report on how to prevent ID theft and permanent credit damage. Her advice is free, and I suggest you download it now. Especially you, Mr. Brooks.
Fool contributorTim Beyersthinks identity crooks ought to be locked up with murderers. Tim didn't own shares in any of the companies mentioned in this story at the time of publication. You can find out which stocks he owns by checking Tim's Foolprofile. Intuit and Microsoft areMotley Fool Inside Valuepicks. The Fool has an ironcladdisclosure policy.