FMWRC Public Affairs posted the following on www.army.mil:
A laptop computer containing names and personally identifiable information for slightly more than 42,000 Fort Belvoir Morale, Welfare and Recreation patrons was stolen from a Family and Morale, Welfare and Recreation Command employee Nov. 28.
The Family and MWR Command was made aware of the theft Dec. 1, and began assessing the extent of the security breach and preparing to notify affected customers. Letters were sent this week to all affected patrons explaining the nature of the breach.
[…]
Anyone attempting access to the data on the computer would have to bypass three layers of security access and encryption passwords.
[…]
The Family and MWR Command operates numerous facilities on Fort Belvoir, including childcare centers, bowling centers, restaurants, outdoor recreation facilities, and golf courses. Soldiers, family members, Department of Defense employees and other authorized MWR patrons who used an MWR facility on Fort Belvoir since 2005 may be included in the data on the laptop.
Update: CNN‘s Samantha Hayes provides some additional details:
The security breach happened when the rental apartment of an employee with the Morale, Welfare, and Recreation Academy was burglarized in Clermont, Florida, officials said. The theft was reported to local police November 28, but the military was not notified until the employee returned to work three days later.
Military officials say the employee was using the laptop for remote training courses, and it has not been determined whether any protocol was breached.
[…]
CNN obtained the notification letter sent, almost two weeks later, to those affected. It says, in part, that the alleged compromised information “includes your name, Social Security number, home address, date of birth, encrypted credit card information, personal e-mail address, personal telephone numbers, and family member information.”
Thanks to the good folks over at ITRC for alerting me to the CNN coverage.