Sang of AlertBoot provides some sharp – and skeptical – commentary on the amended complaint alleging fraudulent charges in a lawsuit against the Department of Defense over the TRICARE breach involving SAIC:
Many news feeds are covering nextgov.com’s story that victims of last year’s TRICARE data breach are reporting fraudulent credit card charges and bank transactions. Seeing how SAIC, the company responsible for the data breach, had failed to use encryption software to secure sensitive data, this is not surprising.
The argument just doesn’t make sense, however: the breached data did not contain financial information.
I firmly believe that SAIC acted irresponsibly but I can’t agree that the subsequent fraud is tied to their dismissive attitude when it comes to data security.
Read more on AlertBoot.
No cc data for the TRICARE Prime or other payment options for retirees? It costs me $460 a year to stay active in Tricare Prime. Dunno who manages payment info, but there has to be a tie there somewhere.
I have asked Tricare offices why they write down CC numbers and SSNs where I have had conversations with them. They seem to have a short memory.
No one is claiming that TRICARE doesn’t collect credit card info. I assume that they do so just because they are a healthcare provider and charge for premiums, etc., and trying to coordinate everything using cash only would be a nightmare. Of course they collect CC info.
But, just because particular data is collected doesn’t mean that it was breached. As far as the SAIC situation goes, the claim has always been that financial information was not included in the missing backup media — which would actually be in line with PCI rules, if I’m not wrong.
Can we trust SAIC to be honest/right? That’s a question that I won’t speculate on.
Tricare should use only the last four of SSAN, when required; this will cut down on fraud.